Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add image for cryptpad #10262

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Add image for cryptpad #10262

wants to merge 2 commits into from

Conversation

promasu
Copy link

@promasu promasu commented May 28, 2021

Hi there,

I want to contribute the Dockerimage for CryptPad to the library.

Signed-off-by: Adrian Nöthlich [email protected]

Checklist for Review

NOTE: This checklist is intended for the use of the Official Images maintainers both to track the status of your PR and to help inform you and others of where we're at. As such, please leave the "checking" of items to the repository maintainers. If there is a point below for which you would like to provide additional information or note completion, please do so by commenting on the PR. Thanks! (and thanks for staying patient with us ❤️)

  • associated with or contacted upstream?
  • does it fit into one of the common categories? ("service", "language stack", "base distribution")
  • is it reasonably popular, or does it solve a particular use case well?
  • does a documentation PR exist? (should be reviewed and merged at roughly the same time so that we don't have an empty image page on the Hub for very long)
  • official-images maintainer dockerization review for best practices and cache gotchas/improvements (ala the official review guidelines)?
  • 2+ official-images maintainer dockerization review?
  • existing official images have been considered as a base? (ie, if foobar needs Node.js, has FROM node:... instead of grabbing node via other means been considered?)
  • if FROM scratch, tarballs only exist in a single commit within the associated history?
  • passes current tests? any simple new tests that might be appropriate to add? (https://github.com/docker-library/official-images/tree/master/test)

Signed-off-by: Adrian Noethlich <[email protected]>
@github-actions

This comment has been minimized.

@promasu
Copy link
Author

promasu commented Jun 1, 2021

The build seems to fail because we pull in the upstream source repository as a git submodule and the current workflow does not pull them in. Do I have to change something to make this work?

@J0WI
Copy link
Contributor

J0WI commented Jun 29, 2021

Do I have to change something to make this work?

Download the latest release in the Dockerfile instead of COPY.

@tianon
Copy link
Member

tianon commented Oct 27, 2021

Unfortunately our build tooling does not support Git submodules. Even if it did, since the Dockerfile uses COPY cryptpad ..., it essentially means the entire upstream source code would be part of the Docker build context, and thus becomes part of the reviewed artifacts (see diff-pr.sh for how we generate our diff; it is basically taking all docker build contexts from the starting library/foo file and diffing them to the new contexts from the PR), so I'll confirm: downloading the official release (with some sort of verification; https://github.com/docker-library/official-images#security) is the preferred/recommended method.

@github-actions
Copy link

github-actions bot commented Oct 9, 2023

Diff for edbdd76:
diff --git a/_bashbrew-arches b/_bashbrew-arches
index 8b13789..45d7292 100644
--- a/_bashbrew-arches
+++ b/_bashbrew-arches
@@ -1 +1,3 @@
-
+amd64
+arm32v7
+arm64v8
diff --git a/_bashbrew-cat b/_bashbrew-cat
index bdfae4a..eb84357 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1 +1,173 @@
-Maintainers: New Image! :D (@docker-library-bot)
+Maintainers: Adrian Nöthlich <[email protected]> (@promasu)
+GitRepo: https://github.com/xwiki-labs/cryptpad-docker.git
+
+Tags: v3.25.1, v3.25.1-buster
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 9f84f66aca5d12ac9348f016dc1f3fc20c33ab73
+
+Tags: v3.25.1-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 9f84f66aca5d12ac9348f016dc1f3fc20c33ab73
+File: Dockerfile-alpine
+
+Tags: v3.25.1-nginx
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 9f84f66aca5d12ac9348f016dc1f3fc20c33ab73
+File: Dockerfile-nginx
+
+Tags: v3.25.1-nginx-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 9f84f66aca5d12ac9348f016dc1f3fc20c33ab73
+File: Dockerfile-nginx-alpine
+
+Tags: v4.0.0, v4.0.0-buster
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: d6f3740eb039499eed65d14f00a94bce2b65effe
+
+Tags: v4.0.0-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: d6f3740eb039499eed65d14f00a94bce2b65effe
+File: Dockerfile-alpine
+
+Tags: v4.0.0-nginx
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: d6f3740eb039499eed65d14f00a94bce2b65effe
+File: Dockerfile-nginx
+
+Tags: v4.0.0-nginx-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: d6f3740eb039499eed65d14f00a94bce2b65effe
+File: Dockerfile-nginx-alpine
+
+Tags: v4.1.0, v4.1.0-buster
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 76057146a6b7228ef55706df69372fc402be937b
+
+Tags: v4.1.0-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 76057146a6b7228ef55706df69372fc402be937b
+File: Dockerfile-alpine
+
+Tags: v4.1.0-nginx
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 76057146a6b7228ef55706df69372fc402be937b
+File: Dockerfile-nginx
+
+Tags: v4.1.0-nginx-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 76057146a6b7228ef55706df69372fc402be937b
+File: Dockerfile-nginx-alpine
+
+Tags: v4.2.1, v4.2.1-buster
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 0a83375ccddae54b8b7c0b0fd2fd1083b2b09a9f
+
+Tags: v4.2.1-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 0a83375ccddae54b8b7c0b0fd2fd1083b2b09a9f
+File: Dockerfile-alpine
+
+Tags: v4.2.1-nginx
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 0a83375ccddae54b8b7c0b0fd2fd1083b2b09a9f
+File: Dockerfile-nginx
+
+Tags: v4.2.1-nginx-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 0a83375ccddae54b8b7c0b0fd2fd1083b2b09a9f
+File: Dockerfile-nginx-alpine
+
+Tags: v4.3.0, v4.3.0-buster
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 025ffb5b74a519a8fb5b6407d93ce18111685bc7
+
+Tags: v4.3.0-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 025ffb5b74a519a8fb5b6407d93ce18111685bc7
+File: Dockerfile-alpine
+
+Tags: v4.3.0-nginx
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 025ffb5b74a519a8fb5b6407d93ce18111685bc7
+File: Dockerfile-nginx
+
+Tags: v4.3.0-nginx-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 025ffb5b74a519a8fb5b6407d93ce18111685bc7
+File: Dockerfile-nginx-alpine
+
+Tags: v4.3.1, v4.3.1-buster
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: ba24e3fb37a07a7f93969dd936de6e7325911bc5
+
+Tags: v4.3.1-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: ba24e3fb37a07a7f93969dd936de6e7325911bc5
+File: Dockerfile-alpine
+
+Tags: v4.3.1-nginx
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: ba24e3fb37a07a7f93969dd936de6e7325911bc5
+File: Dockerfile-nginx
+
+Tags: v4.3.1-nginx-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: ba24e3fb37a07a7f93969dd936de6e7325911bc5
+File: Dockerfile-nginx-alpine
+
+Tags: v4.4.0, v4.4.0-buster
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: c76a49f0cbe069f75abfbd411f659d99c4f00d14
+
+Tags: v4.4.0-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: c76a49f0cbe069f75abfbd411f659d99c4f00d14
+File: Dockerfile-alpine
+
+Tags: v4.4.0-nginx
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: c76a49f0cbe069f75abfbd411f659d99c4f00d14
+File: Dockerfile-nginx
+
+Tags: v4.4.0-nginx-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: c76a49f0cbe069f75abfbd411f659d99c4f00d14
+File: Dockerfile-nginx-alpine
+
+Tags: v4.5.0, v4.5.0-buster
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: cd4bd43e6764eef821df1688298f209764e49c55
+
+Tags: v4.5.0-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: cd4bd43e6764eef821df1688298f209764e49c55
+File: Dockerfile-alpine
+
+Tags: v4.5.0-nginx
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: cd4bd43e6764eef821df1688298f209764e49c55
+File: Dockerfile-nginx
+
+Tags: v4.5.0-nginx-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: cd4bd43e6764eef821df1688298f209764e49c55
+File: Dockerfile-nginx-alpine
+
+Tags: v4.6.0, v4.6.0-buster, latest, latest-buster
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 6ad28492eda4c9a30d98305e9065bf518552f90c
+
+Tags: v4.6.0-alpine, latest-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 6ad28492eda4c9a30d98305e9065bf518552f90c
+File: Dockerfile-alpine
+
+Tags: v4.6.0-nginx, latest-nginx
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 6ad28492eda4c9a30d98305e9065bf518552f90c
+File: Dockerfile-nginx
+
+Tags: v4.6.0-nginx-alpine, latest-nginx-alpine
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: 6ad28492eda4c9a30d98305e9065bf518552f90c
+File: Dockerfile-nginx-alpine
diff --git a/_bashbrew-list b/_bashbrew-list
index e69de29..8cb1899 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -0,0 +1,50 @@
+cryptpad:latest
+cryptpad:latest-alpine
+cryptpad:latest-buster
+cryptpad:latest-nginx
+cryptpad:latest-nginx-alpine
+cryptpad:v3.25.1
+cryptpad:v3.25.1-alpine
+cryptpad:v3.25.1-buster
+cryptpad:v3.25.1-nginx
+cryptpad:v3.25.1-nginx-alpine
+cryptpad:v4.0.0
+cryptpad:v4.0.0-alpine
+cryptpad:v4.0.0-buster
+cryptpad:v4.0.0-nginx
+cryptpad:v4.0.0-nginx-alpine
+cryptpad:v4.1.0
+cryptpad:v4.1.0-alpine
+cryptpad:v4.1.0-buster
+cryptpad:v4.1.0-nginx
+cryptpad:v4.1.0-nginx-alpine
+cryptpad:v4.2.1
+cryptpad:v4.2.1-alpine
+cryptpad:v4.2.1-buster
+cryptpad:v4.2.1-nginx
+cryptpad:v4.2.1-nginx-alpine
+cryptpad:v4.3.0
+cryptpad:v4.3.0-alpine
+cryptpad:v4.3.0-buster
+cryptpad:v4.3.0-nginx
+cryptpad:v4.3.0-nginx-alpine
+cryptpad:v4.3.1
+cryptpad:v4.3.1-alpine
+cryptpad:v4.3.1-buster
+cryptpad:v4.3.1-nginx
+cryptpad:v4.3.1-nginx-alpine
+cryptpad:v4.4.0
+cryptpad:v4.4.0-alpine
+cryptpad:v4.4.0-buster
+cryptpad:v4.4.0-nginx
+cryptpad:v4.4.0-nginx-alpine
+cryptpad:v4.5.0
+cryptpad:v4.5.0-alpine
+cryptpad:v4.5.0-buster
+cryptpad:v4.5.0-nginx
+cryptpad:v4.5.0-nginx-alpine
+cryptpad:v4.6.0
+cryptpad:v4.6.0-alpine
+cryptpad:v4.6.0-buster
+cryptpad:v4.6.0-nginx
+cryptpad:v4.6.0-nginx-alpine
diff --git a/_bashbrew-list-build-order b/_bashbrew-list-build-order
index e69de29..efec74c 100644
--- a/_bashbrew-list-build-order
+++ b/_bashbrew-list-build-order
@@ -0,0 +1,36 @@
+cryptpad:v3.25.1-buster
+cryptpad:v3.25.1-alpine
+cryptpad:v3.25.1-nginx
+cryptpad:v3.25.1-nginx-alpine
+cryptpad:v4.0.0-buster
+cryptpad:v4.0.0-alpine
+cryptpad:v4.0.0-nginx
+cryptpad:v4.0.0-nginx-alpine
+cryptpad:v4.1.0-buster
+cryptpad:v4.1.0-alpine
+cryptpad:v4.1.0-nginx
+cryptpad:v4.1.0-nginx-alpine
+cryptpad:v4.2.1-buster
+cryptpad:v4.2.1-alpine
+cryptpad:v4.2.1-nginx
+cryptpad:v4.2.1-nginx-alpine
+cryptpad:v4.3.0-buster
+cryptpad:v4.3.0-alpine
+cryptpad:v4.3.0-nginx
+cryptpad:v4.3.0-nginx-alpine
+cryptpad:v4.3.1-buster
+cryptpad:v4.3.1-alpine
+cryptpad:v4.3.1-nginx
+cryptpad:v4.3.1-nginx-alpine
+cryptpad:v4.4.0-buster
+cryptpad:v4.4.0-alpine
+cryptpad:v4.4.0-nginx
+cryptpad:v4.4.0-nginx-alpine
+cryptpad:v4.5.0-buster
+cryptpad:v4.5.0-alpine
+cryptpad:v4.5.0-nginx
+cryptpad:v4.5.0-nginx-alpine
+cryptpad:latest-buster
+cryptpad:latest-alpine
+cryptpad:latest-nginx
+cryptpad:latest-nginx-alpine
diff --git a/cryptpad_latest-alpine/.dockerignore b/cryptpad_latest-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_latest-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_latest-alpine/Dockerfile-alpine b/cryptpad_latest-alpine/Dockerfile-alpine
new file mode 100644
index 0000000..9b80c5e
--- /dev/null
+++ b/cryptpad_latest-alpine/Dockerfile-alpine
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+# Create user and group for cryptpad so it does not run as root
+RUN addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -g 4001 -H -h /cryptpad cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["npm", "start"]
diff --git a/cryptpad_latest-buster/.dockerignore b/cryptpad_latest-buster/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_latest-buster/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_latest-buster/Dockerfile b/cryptpad_latest-buster/Dockerfile
new file mode 100644
index 0000000..aaa97b7
--- /dev/null
+++ b/cryptpad_latest-buster/Dockerfile
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+# Create user and group for cryptpad so it does not run as root
+RUN groupadd cryptpad -g 4001
+RUN useradd cryptpad -u 4001 -g 4001 -d /cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["npm", "start"]
diff --git a/cryptpad_latest-nginx-alpine/.dockerignore b/cryptpad_latest-nginx-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_latest-nginx-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_latest-nginx-alpine/Dockerfile-nginx-alpine b/cryptpad_latest-nginx-alpine/Dockerfile-nginx-alpine
new file mode 100644
index 0000000..d8cf6bd
--- /dev/null
+++ b/cryptpad_latest-nginx-alpine/Dockerfile-nginx-alpine
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+RUN set -x \
+    # Create users and groups for nginx and cryptpad
+    && addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -G cryptpad -H -h /dev/null cryptpad \
+    \
+    # Create needed dir for nginx pid
+    && mkdir -p /var/run/nginx \
+    \
+    # Install packages
+    && apk add supervisor nginx openssl zlib pcre \
+    && rm -rf /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Disable server tokens
+RUN sed -i "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_latest-nginx-alpine/docker-entrypoint.sh b/cryptpad_latest-nginx-alpine/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_latest-nginx-alpine/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_latest-nginx-alpine/supervisord.conf b/cryptpad_latest-nginx-alpine/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_latest-nginx-alpine/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_latest-nginx/.dockerignore b/cryptpad_latest-nginx/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_latest-nginx/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_latest-nginx/Dockerfile-nginx b/cryptpad_latest-nginx/Dockerfile-nginx
new file mode 100644
index 0000000..b004a40
--- /dev/null
+++ b/cryptpad_latest-nginx/Dockerfile-nginx
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+RUN set -x \
+    # Create users and groups for cryptpad
+    && groupadd -r -g 4001 cryptpad \
+    && useradd -rMs /bin/false -d /dev/null -u 4001 -g 4001 cryptpad \
+    \
+    # Install packages
+    && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends nginx supervisor openssl zlib1g \
+    && rm -rf /var/lib/apt/lists/* /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Change nginx user and disable server tokens
+RUN sed -i -e 's@\(^user\).*[^;]@\1 www-data@' \
+    -e "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_latest-nginx/docker-entrypoint.sh b/cryptpad_latest-nginx/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_latest-nginx/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_latest-nginx/supervisord.conf b/cryptpad_latest-nginx/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_latest-nginx/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v3.25.1-alpine/.dockerignore b/cryptpad_v3.25.1-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v3.25.1-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v3.25.1-alpine/Dockerfile-alpine b/cryptpad_v3.25.1-alpine/Dockerfile-alpine
new file mode 100644
index 0000000..f066af5
--- /dev/null
+++ b/cryptpad_v3.25.1-alpine/Dockerfile-alpine
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+# Create user and group for cryptpad so it does not run as root
+RUN addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -g 4001 -H -h /cryptpad cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v3.25.1-buster/.dockerignore b/cryptpad_v3.25.1-buster/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v3.25.1-buster/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v3.25.1-buster/Dockerfile b/cryptpad_v3.25.1-buster/Dockerfile
new file mode 100644
index 0000000..a9bda57
--- /dev/null
+++ b/cryptpad_v3.25.1-buster/Dockerfile
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+# Create user and group for cryptpad so it does not run as root
+RUN groupadd cryptpad -g 4001
+RUN useradd cryptpad -u 4001 -g 4001 -d /cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v3.25.1-nginx-alpine/.dockerignore b/cryptpad_v3.25.1-nginx-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v3.25.1-nginx-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v3.25.1-nginx-alpine/Dockerfile-nginx-alpine b/cryptpad_v3.25.1-nginx-alpine/Dockerfile-nginx-alpine
new file mode 100644
index 0000000..3138393
--- /dev/null
+++ b/cryptpad_v3.25.1-nginx-alpine/Dockerfile-nginx-alpine
@@ -0,0 +1,65 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+RUN set -x \
+    # Create users and groups for nginx and cryptpad
+    && addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -G cryptpad -H -h /dev/null cryptpad \
+    \
+    # Create needed dir for nginx pid
+    && mkdir -p /var/run/nginx \
+    \
+    # Install packages
+    && apk add supervisor nginx openssl zlib pcre \
+    && rm -rf /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v3.25.1-nginx-alpine/docker-entrypoint.sh b/cryptpad_v3.25.1-nginx-alpine/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v3.25.1-nginx-alpine/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v3.25.1-nginx-alpine/supervisord.conf b/cryptpad_v3.25.1-nginx-alpine/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v3.25.1-nginx-alpine/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v3.25.1-nginx/.dockerignore b/cryptpad_v3.25.1-nginx/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v3.25.1-nginx/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v3.25.1-nginx/Dockerfile-nginx b/cryptpad_v3.25.1-nginx/Dockerfile-nginx
new file mode 100644
index 0000000..8188212
--- /dev/null
+++ b/cryptpad_v3.25.1-nginx/Dockerfile-nginx
@@ -0,0 +1,67 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+RUN set -x \
+    # Create users and groups for cryptpad
+    && groupadd -r -g 4001 cryptpad \
+    && useradd -rMs /bin/false -d /dev/null -u 4001 -g 4001 cryptpad \
+    \
+    # Install packages
+    && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends nginx supervisor openssl zlib1g \
+    && rm -rf /var/lib/apt/lists/* /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Debian uses www-data user instead of nginx
+RUN sed -i 's@\(^user\).*[^;]@\1 www-data@' /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v3.25.1-nginx/docker-entrypoint.sh b/cryptpad_v3.25.1-nginx/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v3.25.1-nginx/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v3.25.1-nginx/supervisord.conf b/cryptpad_v3.25.1-nginx/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v3.25.1-nginx/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.0.0-alpine/.dockerignore b/cryptpad_v4.0.0-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.0.0-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.0.0-alpine/Dockerfile-alpine b/cryptpad_v4.0.0-alpine/Dockerfile-alpine
new file mode 100644
index 0000000..f066af5
--- /dev/null
+++ b/cryptpad_v4.0.0-alpine/Dockerfile-alpine
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+# Create user and group for cryptpad so it does not run as root
+RUN addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -g 4001 -H -h /cryptpad cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v4.0.0-buster/.dockerignore b/cryptpad_v4.0.0-buster/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.0.0-buster/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.0.0-buster/Dockerfile b/cryptpad_v4.0.0-buster/Dockerfile
new file mode 100644
index 0000000..a9bda57
--- /dev/null
+++ b/cryptpad_v4.0.0-buster/Dockerfile
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+# Create user and group for cryptpad so it does not run as root
+RUN groupadd cryptpad -g 4001
+RUN useradd cryptpad -u 4001 -g 4001 -d /cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v4.0.0-nginx-alpine/.dockerignore b/cryptpad_v4.0.0-nginx-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.0.0-nginx-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.0.0-nginx-alpine/Dockerfile-nginx-alpine b/cryptpad_v4.0.0-nginx-alpine/Dockerfile-nginx-alpine
new file mode 100644
index 0000000..3138393
--- /dev/null
+++ b/cryptpad_v4.0.0-nginx-alpine/Dockerfile-nginx-alpine
@@ -0,0 +1,65 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+RUN set -x \
+    # Create users and groups for nginx and cryptpad
+    && addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -G cryptpad -H -h /dev/null cryptpad \
+    \
+    # Create needed dir for nginx pid
+    && mkdir -p /var/run/nginx \
+    \
+    # Install packages
+    && apk add supervisor nginx openssl zlib pcre \
+    && rm -rf /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.0.0-nginx-alpine/docker-entrypoint.sh b/cryptpad_v4.0.0-nginx-alpine/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.0.0-nginx-alpine/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.0.0-nginx-alpine/supervisord.conf b/cryptpad_v4.0.0-nginx-alpine/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.0.0-nginx-alpine/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.0.0-nginx/.dockerignore b/cryptpad_v4.0.0-nginx/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.0.0-nginx/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.0.0-nginx/Dockerfile-nginx b/cryptpad_v4.0.0-nginx/Dockerfile-nginx
new file mode 100644
index 0000000..8188212
--- /dev/null
+++ b/cryptpad_v4.0.0-nginx/Dockerfile-nginx
@@ -0,0 +1,67 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+RUN set -x \
+    # Create users and groups for cryptpad
+    && groupadd -r -g 4001 cryptpad \
+    && useradd -rMs /bin/false -d /dev/null -u 4001 -g 4001 cryptpad \
+    \
+    # Install packages
+    && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends nginx supervisor openssl zlib1g \
+    && rm -rf /var/lib/apt/lists/* /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Debian uses www-data user instead of nginx
+RUN sed -i 's@\(^user\).*[^;]@\1 www-data@' /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.0.0-nginx/docker-entrypoint.sh b/cryptpad_v4.0.0-nginx/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.0.0-nginx/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.0.0-nginx/supervisord.conf b/cryptpad_v4.0.0-nginx/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.0.0-nginx/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.1.0-alpine/.dockerignore b/cryptpad_v4.1.0-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.1.0-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.1.0-alpine/Dockerfile-alpine b/cryptpad_v4.1.0-alpine/Dockerfile-alpine
new file mode 100644
index 0000000..f066af5
--- /dev/null
+++ b/cryptpad_v4.1.0-alpine/Dockerfile-alpine
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+# Create user and group for cryptpad so it does not run as root
+RUN addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -g 4001 -H -h /cryptpad cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v4.1.0-buster/.dockerignore b/cryptpad_v4.1.0-buster/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.1.0-buster/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.1.0-buster/Dockerfile b/cryptpad_v4.1.0-buster/Dockerfile
new file mode 100644
index 0000000..a9bda57
--- /dev/null
+++ b/cryptpad_v4.1.0-buster/Dockerfile
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+# Create user and group for cryptpad so it does not run as root
+RUN groupadd cryptpad -g 4001
+RUN useradd cryptpad -u 4001 -g 4001 -d /cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v4.1.0-nginx-alpine/.dockerignore b/cryptpad_v4.1.0-nginx-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.1.0-nginx-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.1.0-nginx-alpine/Dockerfile-nginx-alpine b/cryptpad_v4.1.0-nginx-alpine/Dockerfile-nginx-alpine
new file mode 100644
index 0000000..3138393
--- /dev/null
+++ b/cryptpad_v4.1.0-nginx-alpine/Dockerfile-nginx-alpine
@@ -0,0 +1,65 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+RUN set -x \
+    # Create users and groups for nginx and cryptpad
+    && addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -G cryptpad -H -h /dev/null cryptpad \
+    \
+    # Create needed dir for nginx pid
+    && mkdir -p /var/run/nginx \
+    \
+    # Install packages
+    && apk add supervisor nginx openssl zlib pcre \
+    && rm -rf /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.1.0-nginx-alpine/docker-entrypoint.sh b/cryptpad_v4.1.0-nginx-alpine/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.1.0-nginx-alpine/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.1.0-nginx-alpine/supervisord.conf b/cryptpad_v4.1.0-nginx-alpine/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.1.0-nginx-alpine/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.1.0-nginx/.dockerignore b/cryptpad_v4.1.0-nginx/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.1.0-nginx/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.1.0-nginx/Dockerfile-nginx b/cryptpad_v4.1.0-nginx/Dockerfile-nginx
new file mode 100644
index 0000000..8188212
--- /dev/null
+++ b/cryptpad_v4.1.0-nginx/Dockerfile-nginx
@@ -0,0 +1,67 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+RUN set -x \
+    # Create users and groups for cryptpad
+    && groupadd -r -g 4001 cryptpad \
+    && useradd -rMs /bin/false -d /dev/null -u 4001 -g 4001 cryptpad \
+    \
+    # Install packages
+    && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends nginx supervisor openssl zlib1g \
+    && rm -rf /var/lib/apt/lists/* /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Debian uses www-data user instead of nginx
+RUN sed -i 's@\(^user\).*[^;]@\1 www-data@' /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.1.0-nginx/docker-entrypoint.sh b/cryptpad_v4.1.0-nginx/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.1.0-nginx/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.1.0-nginx/supervisord.conf b/cryptpad_v4.1.0-nginx/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.1.0-nginx/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.2.1-alpine/.dockerignore b/cryptpad_v4.2.1-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.2.1-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.2.1-alpine/Dockerfile-alpine b/cryptpad_v4.2.1-alpine/Dockerfile-alpine
new file mode 100644
index 0000000..f066af5
--- /dev/null
+++ b/cryptpad_v4.2.1-alpine/Dockerfile-alpine
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+# Create user and group for cryptpad so it does not run as root
+RUN addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -g 4001 -H -h /cryptpad cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v4.2.1-buster/.dockerignore b/cryptpad_v4.2.1-buster/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.2.1-buster/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.2.1-buster/Dockerfile b/cryptpad_v4.2.1-buster/Dockerfile
new file mode 100644
index 0000000..a9bda57
--- /dev/null
+++ b/cryptpad_v4.2.1-buster/Dockerfile
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+# Create user and group for cryptpad so it does not run as root
+RUN groupadd cryptpad -g 4001
+RUN useradd cryptpad -u 4001 -g 4001 -d /cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v4.2.1-nginx-alpine/.dockerignore b/cryptpad_v4.2.1-nginx-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.2.1-nginx-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.2.1-nginx-alpine/Dockerfile-nginx-alpine b/cryptpad_v4.2.1-nginx-alpine/Dockerfile-nginx-alpine
new file mode 100644
index 0000000..d8cf6bd
--- /dev/null
+++ b/cryptpad_v4.2.1-nginx-alpine/Dockerfile-nginx-alpine
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+RUN set -x \
+    # Create users and groups for nginx and cryptpad
+    && addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -G cryptpad -H -h /dev/null cryptpad \
+    \
+    # Create needed dir for nginx pid
+    && mkdir -p /var/run/nginx \
+    \
+    # Install packages
+    && apk add supervisor nginx openssl zlib pcre \
+    && rm -rf /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Disable server tokens
+RUN sed -i "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.2.1-nginx-alpine/docker-entrypoint.sh b/cryptpad_v4.2.1-nginx-alpine/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.2.1-nginx-alpine/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.2.1-nginx-alpine/supervisord.conf b/cryptpad_v4.2.1-nginx-alpine/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.2.1-nginx-alpine/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.2.1-nginx/.dockerignore b/cryptpad_v4.2.1-nginx/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.2.1-nginx/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.2.1-nginx/Dockerfile-nginx b/cryptpad_v4.2.1-nginx/Dockerfile-nginx
new file mode 100644
index 0000000..b004a40
--- /dev/null
+++ b/cryptpad_v4.2.1-nginx/Dockerfile-nginx
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+RUN set -x \
+    # Create users and groups for cryptpad
+    && groupadd -r -g 4001 cryptpad \
+    && useradd -rMs /bin/false -d /dev/null -u 4001 -g 4001 cryptpad \
+    \
+    # Install packages
+    && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends nginx supervisor openssl zlib1g \
+    && rm -rf /var/lib/apt/lists/* /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Change nginx user and disable server tokens
+RUN sed -i -e 's@\(^user\).*[^;]@\1 www-data@' \
+    -e "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.2.1-nginx/docker-entrypoint.sh b/cryptpad_v4.2.1-nginx/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.2.1-nginx/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.2.1-nginx/supervisord.conf b/cryptpad_v4.2.1-nginx/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.2.1-nginx/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.3.0-alpine/.dockerignore b/cryptpad_v4.3.0-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.3.0-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.3.0-alpine/Dockerfile-alpine b/cryptpad_v4.3.0-alpine/Dockerfile-alpine
new file mode 100644
index 0000000..f066af5
--- /dev/null
+++ b/cryptpad_v4.3.0-alpine/Dockerfile-alpine
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+# Create user and group for cryptpad so it does not run as root
+RUN addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -g 4001 -H -h /cryptpad cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v4.3.0-buster/.dockerignore b/cryptpad_v4.3.0-buster/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.3.0-buster/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.3.0-buster/Dockerfile b/cryptpad_v4.3.0-buster/Dockerfile
new file mode 100644
index 0000000..a9bda57
--- /dev/null
+++ b/cryptpad_v4.3.0-buster/Dockerfile
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+# Create user and group for cryptpad so it does not run as root
+RUN groupadd cryptpad -g 4001
+RUN useradd cryptpad -u 4001 -g 4001 -d /cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v4.3.0-nginx-alpine/.dockerignore b/cryptpad_v4.3.0-nginx-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.3.0-nginx-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.3.0-nginx-alpine/Dockerfile-nginx-alpine b/cryptpad_v4.3.0-nginx-alpine/Dockerfile-nginx-alpine
new file mode 100644
index 0000000..d8cf6bd
--- /dev/null
+++ b/cryptpad_v4.3.0-nginx-alpine/Dockerfile-nginx-alpine
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+RUN set -x \
+    # Create users and groups for nginx and cryptpad
+    && addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -G cryptpad -H -h /dev/null cryptpad \
+    \
+    # Create needed dir for nginx pid
+    && mkdir -p /var/run/nginx \
+    \
+    # Install packages
+    && apk add supervisor nginx openssl zlib pcre \
+    && rm -rf /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Disable server tokens
+RUN sed -i "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.3.0-nginx-alpine/docker-entrypoint.sh b/cryptpad_v4.3.0-nginx-alpine/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.3.0-nginx-alpine/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.3.0-nginx-alpine/supervisord.conf b/cryptpad_v4.3.0-nginx-alpine/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.3.0-nginx-alpine/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.3.0-nginx/.dockerignore b/cryptpad_v4.3.0-nginx/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.3.0-nginx/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.3.0-nginx/Dockerfile-nginx b/cryptpad_v4.3.0-nginx/Dockerfile-nginx
new file mode 100644
index 0000000..b004a40
--- /dev/null
+++ b/cryptpad_v4.3.0-nginx/Dockerfile-nginx
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+RUN set -x \
+    # Create users and groups for cryptpad
+    && groupadd -r -g 4001 cryptpad \
+    && useradd -rMs /bin/false -d /dev/null -u 4001 -g 4001 cryptpad \
+    \
+    # Install packages
+    && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends nginx supervisor openssl zlib1g \
+    && rm -rf /var/lib/apt/lists/* /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Change nginx user and disable server tokens
+RUN sed -i -e 's@\(^user\).*[^;]@\1 www-data@' \
+    -e "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.3.0-nginx/docker-entrypoint.sh b/cryptpad_v4.3.0-nginx/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.3.0-nginx/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.3.0-nginx/supervisord.conf b/cryptpad_v4.3.0-nginx/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.3.0-nginx/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.3.1-alpine/.dockerignore b/cryptpad_v4.3.1-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.3.1-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.3.1-alpine/Dockerfile-alpine b/cryptpad_v4.3.1-alpine/Dockerfile-alpine
new file mode 100644
index 0000000..f066af5
--- /dev/null
+++ b/cryptpad_v4.3.1-alpine/Dockerfile-alpine
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+# Create user and group for cryptpad so it does not run as root
+RUN addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -g 4001 -H -h /cryptpad cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v4.3.1-buster/.dockerignore b/cryptpad_v4.3.1-buster/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.3.1-buster/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.3.1-buster/Dockerfile b/cryptpad_v4.3.1-buster/Dockerfile
new file mode 100644
index 0000000..a9bda57
--- /dev/null
+++ b/cryptpad_v4.3.1-buster/Dockerfile
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+# Create user and group for cryptpad so it does not run as root
+RUN groupadd cryptpad -g 4001
+RUN useradd cryptpad -u 4001 -g 4001 -d /cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["server.js"]
diff --git a/cryptpad_v4.3.1-nginx-alpine/.dockerignore b/cryptpad_v4.3.1-nginx-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.3.1-nginx-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.3.1-nginx-alpine/Dockerfile-nginx-alpine b/cryptpad_v4.3.1-nginx-alpine/Dockerfile-nginx-alpine
new file mode 100644
index 0000000..d8cf6bd
--- /dev/null
+++ b/cryptpad_v4.3.1-nginx-alpine/Dockerfile-nginx-alpine
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+RUN set -x \
+    # Create users and groups for nginx and cryptpad
+    && addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -G cryptpad -H -h /dev/null cryptpad \
+    \
+    # Create needed dir for nginx pid
+    && mkdir -p /var/run/nginx \
+    \
+    # Install packages
+    && apk add supervisor nginx openssl zlib pcre \
+    && rm -rf /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Disable server tokens
+RUN sed -i "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.3.1-nginx-alpine/docker-entrypoint.sh b/cryptpad_v4.3.1-nginx-alpine/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.3.1-nginx-alpine/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.3.1-nginx-alpine/supervisord.conf b/cryptpad_v4.3.1-nginx-alpine/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.3.1-nginx-alpine/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.3.1-nginx/.dockerignore b/cryptpad_v4.3.1-nginx/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.3.1-nginx/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.3.1-nginx/Dockerfile-nginx b/cryptpad_v4.3.1-nginx/Dockerfile-nginx
new file mode 100644
index 0000000..b004a40
--- /dev/null
+++ b/cryptpad_v4.3.1-nginx/Dockerfile-nginx
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+RUN set -x \
+    # Create users and groups for cryptpad
+    && groupadd -r -g 4001 cryptpad \
+    && useradd -rMs /bin/false -d /dev/null -u 4001 -g 4001 cryptpad \
+    \
+    # Install packages
+    && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends nginx supervisor openssl zlib1g \
+    && rm -rf /var/lib/apt/lists/* /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Change nginx user and disable server tokens
+RUN sed -i -e 's@\(^user\).*[^;]@\1 www-data@' \
+    -e "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.3.1-nginx/docker-entrypoint.sh b/cryptpad_v4.3.1-nginx/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.3.1-nginx/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.3.1-nginx/supervisord.conf b/cryptpad_v4.3.1-nginx/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.3.1-nginx/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.4.0-alpine/.dockerignore b/cryptpad_v4.4.0-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.4.0-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.4.0-alpine/Dockerfile-alpine b/cryptpad_v4.4.0-alpine/Dockerfile-alpine
new file mode 100644
index 0000000..9b80c5e
--- /dev/null
+++ b/cryptpad_v4.4.0-alpine/Dockerfile-alpine
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+# Create user and group for cryptpad so it does not run as root
+RUN addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -g 4001 -H -h /cryptpad cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["npm", "start"]
diff --git a/cryptpad_v4.4.0-buster/.dockerignore b/cryptpad_v4.4.0-buster/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.4.0-buster/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.4.0-buster/Dockerfile b/cryptpad_v4.4.0-buster/Dockerfile
new file mode 100644
index 0000000..aaa97b7
--- /dev/null
+++ b/cryptpad_v4.4.0-buster/Dockerfile
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+# Create user and group for cryptpad so it does not run as root
+RUN groupadd cryptpad -g 4001
+RUN useradd cryptpad -u 4001 -g 4001 -d /cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["npm", "start"]
diff --git a/cryptpad_v4.4.0-nginx-alpine/.dockerignore b/cryptpad_v4.4.0-nginx-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.4.0-nginx-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.4.0-nginx-alpine/Dockerfile-nginx-alpine b/cryptpad_v4.4.0-nginx-alpine/Dockerfile-nginx-alpine
new file mode 100644
index 0000000..d8cf6bd
--- /dev/null
+++ b/cryptpad_v4.4.0-nginx-alpine/Dockerfile-nginx-alpine
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+RUN set -x \
+    # Create users and groups for nginx and cryptpad
+    && addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -G cryptpad -H -h /dev/null cryptpad \
+    \
+    # Create needed dir for nginx pid
+    && mkdir -p /var/run/nginx \
+    \
+    # Install packages
+    && apk add supervisor nginx openssl zlib pcre \
+    && rm -rf /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Disable server tokens
+RUN sed -i "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.4.0-nginx-alpine/docker-entrypoint.sh b/cryptpad_v4.4.0-nginx-alpine/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.4.0-nginx-alpine/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.4.0-nginx-alpine/supervisord.conf b/cryptpad_v4.4.0-nginx-alpine/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.4.0-nginx-alpine/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.4.0-nginx/.dockerignore b/cryptpad_v4.4.0-nginx/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.4.0-nginx/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.4.0-nginx/Dockerfile-nginx b/cryptpad_v4.4.0-nginx/Dockerfile-nginx
new file mode 100644
index 0000000..b004a40
--- /dev/null
+++ b/cryptpad_v4.4.0-nginx/Dockerfile-nginx
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+RUN set -x \
+    # Create users and groups for cryptpad
+    && groupadd -r -g 4001 cryptpad \
+    && useradd -rMs /bin/false -d /dev/null -u 4001 -g 4001 cryptpad \
+    \
+    # Install packages
+    && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends nginx supervisor openssl zlib1g \
+    && rm -rf /var/lib/apt/lists/* /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Change nginx user and disable server tokens
+RUN sed -i -e 's@\(^user\).*[^;]@\1 www-data@' \
+    -e "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.4.0-nginx/docker-entrypoint.sh b/cryptpad_v4.4.0-nginx/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.4.0-nginx/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.4.0-nginx/supervisord.conf b/cryptpad_v4.4.0-nginx/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.4.0-nginx/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.5.0-alpine/.dockerignore b/cryptpad_v4.5.0-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.5.0-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.5.0-alpine/Dockerfile-alpine b/cryptpad_v4.5.0-alpine/Dockerfile-alpine
new file mode 100644
index 0000000..9b80c5e
--- /dev/null
+++ b/cryptpad_v4.5.0-alpine/Dockerfile-alpine
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+# Create user and group for cryptpad so it does not run as root
+RUN addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -g 4001 -H -h /cryptpad cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["npm", "start"]
diff --git a/cryptpad_v4.5.0-buster/.dockerignore b/cryptpad_v4.5.0-buster/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.5.0-buster/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.5.0-buster/Dockerfile b/cryptpad_v4.5.0-buster/Dockerfile
new file mode 100644
index 0000000..aaa97b7
--- /dev/null
+++ b/cryptpad_v4.5.0-buster/Dockerfile
@@ -0,0 +1,50 @@
+# Multistage build to reduce image size and increase security
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq git
+RUN npm install -g bower
+
+# Create folder for cryptpad
+RUN mkdir /cryptpad
+WORKDIR /cryptpad
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+RUN sed -i "s@//httpAddress: '::'@httpAddress: '0.0.0.0'@" /cryptpad/config/config.example.js
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+# Create user and group for cryptpad so it does not run as root
+RUN groupadd cryptpad -g 4001
+RUN useradd cryptpad -u 4001 -g 4001 -d /cryptpad
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+USER cryptpad
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob
+VOLUME /cryptpad/block
+VOLUME /cryptpad/customize
+VOLUME /cryptpad/data
+VOLUME /cryptpad/datastore
+
+# Ports
+EXPOSE 3000 3001
+
+# Run cryptpad on startup
+CMD ["npm", "start"]
diff --git a/cryptpad_v4.5.0-nginx-alpine/.dockerignore b/cryptpad_v4.5.0-nginx-alpine/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.5.0-nginx-alpine/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.5.0-nginx-alpine/Dockerfile-nginx-alpine b/cryptpad_v4.5.0-nginx-alpine/Dockerfile-nginx-alpine
new file mode 100644
index 0000000..d8cf6bd
--- /dev/null
+++ b/cryptpad_v4.5.0-nginx-alpine/Dockerfile-nginx-alpine
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-alpine AS build
+
+# Install requirements to clone repository and install deps
+RUN apk add --no-cache git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-alpine
+
+RUN set -x \
+    # Create users and groups for nginx and cryptpad
+    && addgroup -g 4001 -S cryptpad \
+    && adduser -u 4001 -S -D -G cryptpad -H -h /dev/null cryptpad \
+    \
+    # Create needed dir for nginx pid
+    && mkdir -p /var/run/nginx \
+    \
+    # Install packages
+    && apk add supervisor nginx openssl zlib pcre \
+    && rm -rf /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Disable server tokens
+RUN sed -i "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.5.0-nginx-alpine/docker-entrypoint.sh b/cryptpad_v4.5.0-nginx-alpine/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.5.0-nginx-alpine/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.5.0-nginx-alpine/supervisord.conf b/cryptpad_v4.5.0-nginx-alpine/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.5.0-nginx-alpine/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
diff --git a/cryptpad_v4.5.0-nginx/.dockerignore b/cryptpad_v4.5.0-nginx/.dockerignore
new file mode 100644
index 0000000..30bd2f4
--- /dev/null
+++ b/cryptpad_v4.5.0-nginx/.dockerignore
@@ -0,0 +1,9 @@
+.dockerignore
+.git
+.gitignore
+.gitmodules
+cryptpad/.git
+customize
+docker-compose.yml
+traefik2.yml
+Dockerfile*
diff --git a/cryptpad_v4.5.0-nginx/Dockerfile-nginx b/cryptpad_v4.5.0-nginx/Dockerfile-nginx
new file mode 100644
index 0000000..b004a40
--- /dev/null
+++ b/cryptpad_v4.5.0-nginx/Dockerfile-nginx
@@ -0,0 +1,68 @@
+# Multistage build to reduce image size and increase security
+
+FROM node:12-buster-slim AS build
+
+# Install requirements to clone repository and install deps
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq git \
+    && npm install -g bower
+
+# Get cryptpad from repository submodule
+COPY cryptpad /cryptpad
+
+WORKDIR /cryptpad
+
+# Install dependencies
+RUN npm install --production \
+    && npm install -g bower \
+    && bower install --allow-root
+
+# Create actual cryptpad image
+FROM node:12-buster-slim
+
+RUN set -x \
+    # Create users and groups for cryptpad
+    && groupadd -r -g 4001 cryptpad \
+    && useradd -rMs /bin/false -d /dev/null -u 4001 -g 4001 cryptpad \
+    \
+    # Install packages
+    && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends nginx supervisor openssl zlib1g \
+    && rm -rf /var/lib/apt/lists/* /etc/nginx
+
+# Copy nginx conf from official image
+COPY --from=nginx:latest /etc/nginx /etc/nginx
+
+# Change nginx user and disable server tokens
+RUN sed -i -e 's@\(^user\).*[^;]@\1 www-data@' \
+    -e "/default_type/a \\    server_tokens off;" /etc/nginx/nginx.conf
+
+# Copy cryptpad with installed modules
+COPY --from=build --chown=cryptpad /cryptpad /cryptpad
+
+# Copy supervisord conf file
+COPY supervisord.conf /etc/supervisord.conf
+
+# Copy docker-entrypoint.sh script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# Set workdir to cryptpad
+WORKDIR /cryptpad
+
+# Create directories
+RUN mkdir blob block customize data datastore \
+    && chown cryptpad:cryptpad blob block customize data datastore
+
+# Volumes for data persistence
+VOLUME /cryptpad/blob \
+       /cryptpad/block \
+       /cryptpad/customize \
+       /cryptpad/data \
+       /cryptpad/datastore
+
+# Ports
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
diff --git a/cryptpad_v4.5.0-nginx/docker-entrypoint.sh b/cryptpad_v4.5.0-nginx/docker-entrypoint.sh
new file mode 100755
index 0000000..0a02703
--- /dev/null
+++ b/cryptpad_v4.5.0-nginx/docker-entrypoint.sh
@@ -0,0 +1,163 @@
+#/bin/sh
+
+## Required vars
+# CPAD_MAIN_DOMAIN
+# CPAD_SANDBOX_DOMAIN
+#
+## Optional vars
+# CPAD_API_DOMAIN
+# CPAD_FILES_DOMAIN
+#
+## Both these vars must be set in order for nginx to terminate TLS
+# CPAD_TLS_CERT
+# CPAD_TLS_KEY
+## If dhparam.pem file is absent it will be generated
+# CPAD_TLS_DHPARAM
+#
+# CPAD_TRUSTED_PROXY
+# CPAD_REALIP_HEADER
+# CPAD_REALIP_RECURSIVE
+#
+## Testing vars, may be removed later
+# CPAD_HTTP2_DISABLE="true"
+#
+
+set -e
+
+CPAD_HOME="/cryptpad"
+
+# Since Nginx configuration is copied from the official image we need to
+# correct some stuff
+# Fix log path
+sed -i -e "s@\(error_log\) */.* \(.*;\)@\1 /dev/stderr \2@" \
+       -e "s@\(access_log\) */.* \(.*;\)@\1 /dev/stdout \2@" \
+       ${CPAD_NGINX_CONF:=/etc/nginx/nginx.conf}
+
+# Remove nginx default enabled conf
+if [ -f /etc/nginx/conf.d/default.conf ]; then
+  rm /etc/nginx/conf.d/default.conf
+fi
+
+# Test if nginx config file already exists (eg: docker swarm config)
+# if absent, copy example and apply corrections
+if [ ! -f "${CPAD_NGINX_CPAD_CONF:=/etc/nginx/conf.d/cryptpad.conf}" ]; then
+
+  # Copy nginx config example from Cryptpad
+  cp $CPAD_HOME/docs/example.nginx.conf $CPAD_NGINX_CPAD_CONF
+
+  # Set domains
+  if [ -z "${CPAD_MAIN_DOMAIN:-}" ]; then
+    echo "Error: No main domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_MAIN_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_SANDBOX_DOMAIN:-}" ]; then
+    echo "Error: No sandbox domain specified"
+    exit 1
+  else
+    sed -i "[email protected]@$CPAD_SANDBOX_DOMAIN@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_API_DOMAIN}" ]; then
+    sed -i "s@api.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  if [ -z "${CPAD_FILES_DOMAIN}" ]; then
+    sed -i "s@files.$CPAD_MAIN_DOMAIN@\$\{main_domain\}@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Change nginx document root
+  sed -i "s@\(root\) */.*\([^;]\)@\1 $CPAD_HOME@" $CPAD_NGINX_CPAD_CONF
+
+  # Wether or not Nginx should terminate TLS (defaults to true)
+  if [ -n "$CPAD_TLS_CERT" \
+    -a -n "$CPAD_TLS_KEY" ]; then
+
+    # If cert is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_CERT" ]; then
+      sed -i "s@\( *ssl_certificate[^_key] *\).*[^;]@\1$CPAD_TLS_CERT@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS certificate file"
+      exit 1
+    fi
+
+    # If key is present, set path. If not, exit with error
+    if [ -f "$CPAD_TLS_KEY" ]; then
+      sed -i "s@\( *ssl_certificate_key *\).*[^;]@\1$CPAD_TLS_KEY@" $CPAD_NGINX_CPAD_CONF
+    else
+      echo "Error: Missing TLS key file"
+      exit 1
+    fi
+
+    # This option is only useful for OCSP stapling which Cryptpad doesn't use
+    # so we'll comment it to avoid errors.
+    sed -i "s@\(ssl_trusted_certificate\)@#\1@" $CPAD_NGINX_CPAD_CONF
+
+    # If no DH parameters are provided, generate them
+    if [ ! -f "${CPAD_TLS_DHPARAM:=/etc/nginx/dhparam.pem}" ]; then
+      # Generate DH parameters
+      openssl dhparam -out $CPAD_TLS_DHPARAM 4096
+    fi
+
+  # If no TLS termination
+  else
+    # Make Nginx listen on 80 in plaintext
+    # and comment out all ssl related options
+    sed -i  -e "s@\(^.*\) \+443 ssl\(.*$\)@\1 80\2@" \
+            -e "s@[^#]ssl_@ #ssl_@g" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  # Should Nginx use http_realip_module
+  if [ -n "${CPAD_TRUSTED_PROXY:=}" ]; then
+    # Set trusted proxy
+    sed -i  -e "/listen/ G" \
+    -e "/listen/ a \   \ # Set trusted proxy and header containing real client IP" \
+    -e "/listen/ a \   \ set_real_ip_from  $CPAD_TRUSTED_PROXY;" $CPAD_NGINX_CPAD_CONF
+
+    # Set header to get real client IP from
+    if [ -n "${CPAD_REALIP_HEADER:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_header    $CPAD_REALIP_HEADER;" $CPAD_NGINX_CPAD_CONF
+    fi
+
+    # Should Nginx perform a recursive search to get real client IP
+    if [ -n "${CPAD_REALIP_RECURSIVE:-}" ]; then
+      sed -i "/set_real_ip_from/ a \   \ real_ip_recursive $CPAD_REALIP_RECURSIVE;" $CPAD_NGINX_CPAD_CONF
+    fi
+  fi
+
+  # Should nginx use HTTP2 (defaults to false)
+  if [ "${CPAD_HTTP2_DISABLE:-false}" = "true" ]; then
+    sed -i  -e "s@\(^.*\) \+http2\(.*$\)@\1\2@" $CPAD_NGINX_CPAD_CONF
+  fi
+
+  ## WIP
+  # If cryptad conf isn't provided
+  # if [ ! -f "$CPAD_CONF" ]; then
+  #   echo -e "\n\
+  #         ############################################### \n\
+  #         Warning: No config file provided for cryptpad \n\
+  #         We will create a basic one for now but you should rerun this service \n\
+  #         by providing a file with your settings \n\
+  #         eg: docker run -v /path/to/config.js:/cryptpad/config/config.js \n\
+  #         ############################################### \n"
+  #
+  #   cp $CPAD_HOME/config/config.example.js $CPAD_CONF
+  #
+  #   # Set domains
+  #   sed -i  -e "s@\(httpUnsafeOrigin:\).*[^,]@\1 'https://$CPAD_MAIN_DOMAIN'@" \
+  #           -e "s@\(^ *\).*\(httpSafeOrigin:\).*[^,]@\1\2 'https://$CPAD_SANDBOX_DOMAIN'@" $CPAD_CONF
+  #
+  #   # Set admin email
+  #   if [ -z "$CPAD_ADMIN_EMAIL" ]; then
+  #     echo "Error: Missing admin email (Did you read the config?)"
+  #     exit 1
+  #   else
+  #     sed -i "s@\(adminEmail:\).*[^,]@\1 '$CPAD_ADMIN_EMAIL'@" $CPAD_CONF
+  #   fi
+  # fi
+
+fi
+
+exec "$@"
diff --git a/cryptpad_v4.5.0-nginx/supervisord.conf b/cryptpad_v4.5.0-nginx/supervisord.conf
new file mode 100644
index 0000000..fe8ff10
--- /dev/null
+++ b/cryptpad_v4.5.0-nginx/supervisord.conf
@@ -0,0 +1,49 @@
+[unix_http_server]
+file=/dev/shm/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+user=root		     ;
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+;[rpcinterface:supervisor]
+;supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+;[supervisorctl]
+;serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[program:node]
+command = /usr/local/bin/node /cryptpad/server.js
+user=cryptpad
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=QUIT
+
+[eventlistener:processes]
+command=sh -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL

@tianon
Copy link
Member

tianon commented Apr 5, 2024

I'm updating the status of this PR to "draft" for now. When it's ready for re-review, please remove the draft status and leave a comment (GitHub unfortunately does not notify maintainers for draft state changes).

@tianon tianon marked this pull request as draft April 5, 2024 23:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants