diff --git a/.gitignore b/.gitignore
index 15b0752..37b4d93 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
-/data/app
+/data/data
 /backup
 nextcloud.conf
+db.env
+cloud.env
+docker-compose.override.yml
diff --git a/README.md b/README.md
index 25a5311..c6dd946 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,11 @@
 # Nextcloud
 
 - [![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://paypal.me/pgollor) [![Docker Pulls](https://img.shields.io/docker/pulls/pgollor/nextcloud.svg)](https://hub.docker.com/r/pgollor/nextcloud/)
-- app: [![Build Status](https://jenkins.pgollor.de/job/nextcloud-docker-app/badge/icon)](https://jenkins.pgollor.de/job/nextcloud-docker-app/) [![](https://images.microbadger.com/badges/image/pgollor/nextcloud:app-latest.svg)](https://microbadger.com/images/pgollor/nextcloud:app-latest "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pgollor/nextcloud:app-latest.svg)](https://microbadger.com/images/pgollor/nextcloud:app-latest "Get your own version badge on microbadger.com") [![based on nextcloud-version](https://img.shields.io/badge/dynamic/json.svg?label=based%20on&url=https%3A%2F%2Fapi.microbadger.com%2Fv1%2Fimages%2Fpgollor%2Fnextcloud%3Aapp-latest&query=%24.Labels.nv&colorB=brightgreen&prefix=nextcloud-)](https://hub.docker.com/_/nextcloud/)
+- app: [![Build Status](https://jenkins.pgollor.de/job/nextcloud-docker-app/badge/icon)](https://jenkins.pgollor.de/job/nextcloud-docker-app-dev/) [![](https://images.microbadger.com/badges/image/pgollor/nextcloud:app-dev-latest.svg)](https://microbadger.com/images/pgollor/nextcloud:app-dev-latest "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pgollor/nextcloud:app-dev-latest.svg)](https://microbadger.com/images/pgollor/nextcloud:app-dev-latest "Get your own version badge on microbadger.com") [![based on nextcloud-version](https://img.shields.io/badge/dynamic/json.svg?label=based%20on&url=https%3A%2F%2Fapi.microbadger.com%2Fv1%2Fimages%2Fpgollor%2Fnextcloud%3Aapp-dev-latest&query=%24.Labels.nv&colorB=brightgreen&prefix=nextcloud-)](https://hub.docker.com/_/nextcloud/)
 - web: [![Build Status](https://jenkins.pgollor.de/job/nextcloud-docker-web/badge/icon)](https://jenkins.pgollor.de/job/nextcloud-docker-web/) [![](https://images.microbadger.com/badges/image/pgollor/nextcloud:web-latest.svg)](https://microbadger.com/images/pgollor/nextcloud:web-latest "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pgollor/nextcloud:web-latest.svg)](https://microbadger.com/images/pgollor/nextcloud:web-latest "Get your own version badge on microbadger.com")
 
-Docker compose files for nextcloud
+Docker compose files for nextcloud with database and redis container.
+This compose set is designed fo rusing behing a revers proxy which handels the ssl certificates.
 
 
 ## Information
@@ -19,6 +20,10 @@
 
 ## Update hints
 
+### 20 to 21
+
+All containers and volumes are renamed. Make a full backup and restore it. Untestet now!
+
 ### 14.0.4 to 14.0.16
 
 If you get a database error for the `activity` table, please have a look at this [issue](https://github.com/nextcloud/activity/issues/309#issuecomment-436929111).
diff --git a/backup.sh b/backup.sh
index 7721b8e..9e7b1b3 100755
--- a/backup.sh
+++ b/backup.sh
@@ -1,12 +1,14 @@
 #!/bin/bash
 
+# project name (by default directory name of the compose project)
+PROJECT_NAME=nextcloud
 
 # backup directory
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 backupDir=${SCRIPT_DIR}/backup
 
 # create directories
-mkdir -p ${backupDir}/app
+mkdir -p ${backupDir}/config
 mkdir -p ${backupDir}/docker-conf
 mkdir -p ${backupDir}/data
 mkdir -p ${backupDir}/db
@@ -14,21 +16,22 @@
 # current date
 currentDate=$(date +"%Y-%m-%d_%H-%M-%S")
 
-# backup mysql
+# backup database
 dbFile="${backupDir}/db/${currentDate}.sql"
-docker exec $(docker container ls -qf name=nextcloud-database) sh -c 'mysqldump --single-transaction=TRUE --lock-tables --default-character-set=utf8mb4 -uroot -p"${MYSQL_ROOT_PASSWORD}" ${MYSQL_DATABASE}' > ${dbFile}
+docker exec $(docker container ls -qf name=${PROJECT_NAME}_database) sh -c 'mysqldump --single-transaction=TRUE --lock-tables --default-character-set=utf8mb4 -uroot -p"${MYSQL_ROOT_PASSWORD}" ${MYSQL_DATABASE}' > ${dbFile}
 sed -i "/^mysqldump: \\[Warning\\]/d" ${dbFile}
 tar -cj ${dbFile} -f "${dbFile}.tbz2"
 rm ${dbFile}
 
-# backup app data as root because of permission problems
-sudo tar -C data -I pbzip2 -pc app -f "${backupDir}/app/${currentDate}.tbz2"
+# backup nextcloud conf directory as root because of permission problems
+docker run --rm -v ${PROJECT_NAME}_app-vol-1:/volume -v "${backupDir}/config":/backup debian:buster-slim bash -c "cd /volume/config && tar -czf /backup/${currentDate}.tar ." &> /dev/null
 
 # backup data as root because of permission problems
-#sudo tar -C data -I pbzip2 -pc data -f "${backupDir}/data/${currentDate}.tbz2"
+docker run --rm -v ${PROJECT_NAME}_data-vol-1:/volume -v "${backupDir}/data":/backup debian:buster-slim bash -c "cd /volume && tar -czf /backup/${currentDate}.tar ." &> /dev/null
 
-# backup config files
-tar -pcj nextcloud.conf -f "${backupDir}/docker-conf/${currentDate}.tbz2"
+# backup docker config files
+tar -pcj nextcloud.conf db.env cloud.env -f "${backupDir}/docker-conf/${currentDate}.tbz2"
 
 # delete all files older 30 days
 find ${backupDir} -iname "*.tbz2" -type f -mtime +10 -exec rm {} \; > /dev/null
+
diff --git a/cloud.env.example b/cloud.env.example
new file mode 100644
index 0000000..31c726c
--- /dev/null
+++ b/cloud.env.example
@@ -0,0 +1,2 @@
+# admin user password
+NEXTCLOUD_ADMIN_PASSWORD=changeme
diff --git a/db.env.example b/db.env.example
new file mode 100644
index 0000000..461e107
--- /dev/null
+++ b/db.env.example
@@ -0,0 +1,2 @@
+MYSQL_PASSWORD=changeme
+MYSQL_ROOT_PASSWORD=changeme
diff --git a/docker-compose.yml b/docker-compose.yml
index 884a9b2..c84a20d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,123 +1,84 @@
-version: '2.2'
+version: '3'
 
 services:
-  nextcloud-app:
-    #build: ./docker/app
-    image: pgollor/nextcloud:app-latest
+  app:
+    image: pgollor/nextcloud:app-dev-latest
+    build: ./docker/app
     restart: always
-    mem_limit: 512m
     cpus: 1.5
-    depends_on:
-      - nextcloud-database
-      - nextcloud-redis
+    env_file:
+      - db.env
+      - cloud.env
     environment:
-      - MYSQL_HOST=mysql
+      - MYSQL_HOST=db
       - MYSQL_DATABASE=cloud
       - MYSQL_USER=cloud
-      - MYSQL_PASSWORD=${NEXTCLOUD_DATABASE_PASSWORD}
       - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
-      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
-      - NEXTCLOUD_DATA_DIR=/srv/data
       - REDIS_HOST=redis
       - TZ=${TZ}
+      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
+      - OVERWRITEHOST=${NEXTCLOUD_OVERWRITEHOST}
+      - OVERWRITEPROTOCOL=https
     tmpfs:
       - /tmp
+    links:
+      - "database:db"
     volumes:
-      - ./data/app:/var/www/html
-      - ./data/data:/srv/data
-    networks:
-      nextcloud-network:
-        ipv4_address: ${NEXTCLOUD_IPV4_NETWORK:-172.22.5}.100
-        aliases:
-          - app
+      - app-vol-1:/var/www/html
+      - data-vol-1:/var/www/html/data
+      - ./data/config:/var/www/html/config
+    depends_on:
+      - database
+      - redis
 
-  nextcloud-web:
-    #build: ./docker/web
+  web:
     image: pgollor/nextcloud:web-latest
     restart: always
-    mem_limit: 512m
     logging:
       driver: json-file
     ports:
       - "${NEXTCLOUD_WEB_BIND:-127.0.0.1}:${NEXTCLOUD_WEB_PORT:-8080}:80"
     volumes:
-      - ./data/app:/var/www/html:ro
+      - app-vol-1:/var/www/html:ro
+    links:
+      - "app:app"
     depends_on:
-      - nextcloud-app
-    networks:
-      nextcloud-network:
-        ipv4_address: ${NEXTCLOUD_IPV4_NETWORK:-172.22.5}.101
-        aliases:
-          - web
+      - app
 
-  nextcloud-database:
+  database:
     image: mariadb
     restart: always
-    mem_limit: 1g
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
     environment:
-      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DATABASE_ROOT}
       - MYSQL_DATABASE=cloud
       - MYSQL_USER=cloud
-      - MYSQL_PASSWORD=${NEXTCLOUD_DATABASE_PASSWORD}
+    env_file:
+      - db.env
     volumes:
-      -  nextcloud-db-vol-1:/var/lib/mysql/
-      - ./data/conf/mysql:/etc/mysql/conf.d/:ro
+      -  db-vol-1:/var/lib/mysql/
+      - ./data/mysql:/etc/mysql/conf.d/:ro
     tmpfs:
       - /tmp
-    networks:
-      nextcloud-network:
-        ipv4_address: ${NEXTCLOUD_IPV4_NETWORK:-172.22.5}.102
-        aliases:
-          - mysql
 
-  nextcloud-redis:
-    mem_limit: 1g
+  redis:
     image: redis:alpine
     restart: always
-    networks:
-      nextcloud-network:
-        aliases:
-          - redis
 
-  nextcloud-cron:
-    #build: ./docker/app
-    image: pgollor/nextcloud:app-latest
+  cron:
+    image: pgollor/nextcloud:app-dev-latest
     restart: always
     volumes:
-      - ./data/app:/var/www/html
-      - ./data/data:/srv/data
-    user: www-data
-    mem_limit: 256m
+      - app-vol-1:/var/www/html
+      - data-vol-1:/var/www/html/data
     logging:
       driver: json-file
-    entrypoint: |
-      bash -c 'bash -s <<EOF
-        trap "break;exit" SIGHUP SIGINT SIGTERM
-    
-        while [ ! -f /var/www/html/config/config.php ]; do
-          sleep 1
-        done
-    
-        while true; do
-          php -f /var/www/html/cron.php
-          sleep 15m
-        done
-      EOF'
+    entrypoint: /cron.sh
     depends_on:
-      - nextcloud-database
-      - nextcloud-redis
-    networks:
-      nextcloud-network:
-
-networks:
-  nextcloud-network:
-    driver: bridge
-    enable_ipv6: false
-    ipam:
-      driver: default
-      config:
-        - subnet: ${NEXTCLOUD_IPV4_NETWORK:-172.22.5}.0/24
+      - database
+      - redis
 
 volumes:
-  nextcloud-db-vol-1:
+  db-vol-1:
+  app-vol-1:
+  data-vol-1:
+
diff --git a/docker/app/Dockerfile b/docker/app/Dockerfile
index a0355ac..475afeb 100644
--- a/docker/app/Dockerfile
+++ b/docker/app/Dockerfile
@@ -1,4 +1,4 @@
-FROM nextcloud:17-fpm
+FROM nextcloud:fpm
 
 ARG NV
 ARG VCS_REF
@@ -9,12 +9,20 @@
 
 RUN apt-get update && \
 	apt-get install -y --no-install-recommends \
+	libgmp3-dev \
 	smbclient libsmbclient-dev \
-	libbz2-dev
+	libbz2-dev \
+	libmagickcore-6.q16-6-extra \
+	ocrmypdf \
+	imagemagick ghostscript
 RUN apt-get clean && rm -rf /var/lib/apt/lists/*
 RUN	pecl install \
 	smbclient
 RUN docker-php-ext-install bz2
+RUN docker-php-ext-install gmp
+RUN docker-php-ext-install bz2
+RUN docker-php-ext-install bcmath
 RUN docker-php-ext-enable smbclient
+RUN sed -i '/domain="coder".*pattern="PDF"/c\<policy domain="coder" rights="read\|write" pattern="PDF" \/>' /etc/ImageMagick-6/policy.xml
 
 COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
diff --git a/generate_password.sh b/generate_password.sh
index 7ff8759..e0819c8 100755
--- a/generate_password.sh
+++ b/generate_password.sh
@@ -1,15 +1,23 @@
 #!/bin/bash
 
-if [ ! -f "nextcloud.conf" ]; then
-	cp nextcloud.conf.example nextcloud.conf
+if [ ! -f "db.env" ]; then
+	cp db.env.example db.env
 
 	pw1=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 	pw2=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
-	pw3=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 
-	sed -i "/^NEXTCLOUD_DATABASE_ROOT/c\\\NEXTCLOUD_DATABASE_ROOT=${pw1}" nextcloud.conf
-	sed -i "/^NEXTCLOUD_DATABASE_PASSWORD/c\\\NEXTCLOUD_DATABASE_PASSWORD=${pw2}" nextcloud.conf
-	sed -i "/^NEXTCLOUD_ADMIN_PASSWORD/c\\\NEXTCLOUD_ADMIN_PASSWORD=${pw3}" nextcloud.conf
+	sed -i "/^MYSQL_PASSWORD/c\\\MYSQL_PASSWORD=${pw1}" db.env
+	sed -i "/^MYSQL_ROOT_PASSWORD/c\\\MYSQL_ROOT_PASSWORD=${pw2}" db.env
 else
-	echo "File already exists!"
+	echo "db.env already exists!"
+fi
+
+if [ ! -f "cloud.env" ]; then
+	cp cloud.env.example cloud.env
+
+	pw1=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+
+	sed -i "/^NEXTCLOUD_ADMIN_PASSWORD/c\\\NEXTCLOUD_ADMIN_PASSWORD=${pw1}" cloud.env
+else
+	echo "cloud.env already exists!"
 fi
diff --git a/nextcloud.conf.example b/nextcloud.conf.example
index bbe3689..cee84c6 100644
--- a/nextcloud.conf.example
+++ b/nextcloud.conf.example
@@ -9,20 +9,11 @@
 # admin user name
 NEXTCLOUD_ADMIN_USER=admin
 
-# admin user password
-NEXTCLOUD_ADMIN_PASSWORD=changeme
+# your primary domain
+NEXTCLOUD_OVERWRITEHOST="cloud.example.com"
 
-# ipv4 network (only first three bytes like: 172.22.5)
-NEXTCLOUD_IPV4_NETWORK=172.22.5
-
-
-## database configuration
-# mysql root user password
-NEXTCLOUD_DATABASE_ROOT=changeme
-
-# database password
-NEXTCLOUD_DATABASE_PASSWORD=changeme
-
+# comma seperated list of trusted domains
+NEXTCLOUD_TRUSTED_DOMAINS="cloud.example.com c.example.com"
 
 ## Timezone one of /usr/share/zoneinfo
 TZ=Europe/Berlin