diff --git a/docker-compose.override.yml b/docker-compose.override.yml
index 29aa6f4..16f5177 100644
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@@ -41,17 +41,19 @@ services:
 - "traefik.http.services.sso-server.loadbalancer.server.scheme=https"
 - "traefik.http.routers.sso-server-web.rule=Host(`${PUBLIC_DOMAIN}`)"
+ - "traefik.http.routers.sso-server-web.service=sso-server@docker"
 - "traefik.http.routers.sso-server-web.entrypoints=web"
- - "traefik.http.routers.sso-server-web.service=sso-server"
 - "traefik.http.routers.sso-server-web.middlewares=redirect-to-https@file"
- - "traefik.http.routers.sso-server-websecure.entrypoints=websecure"
 - "traefik.http.routers.sso-server-websecure.rule=Host(`${PUBLIC_DOMAIN}`)" # change hostname!
+ - "traefik.http.routers.sso-server-websecure.service=sso-server@docker"
+ - "traefik.http.routers.sso-server-websecure.entrypoints=websecure"
 - "traefik.http.routers.sso-server-websecure.tls=true"
+ - "traefik.http.routers.sso-server-websecure.tls.options=modern@file"
 - "traefik.http.routers.sso-server-websecure.tls.certresolver=hetzner"
 - "traefik.http.routers.sso-server-websecure.tls.domains[0].main=${TLS_DOMAIN}"
 - "traefik.http.routers.sso-server-websecure.middlewares=secHeaders@file, hsts-header@file"
- - "traefik.http.routers.sso-server-websecure.service=sso-server"
+
 worker:
 image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:?AUTHENTIK_TAG is not configured}
diff --git a/env.test.template b/env.test.template
deleted file mode 100644
index f255bfb..0000000
--- a/env.test.template
+++ /dev/null
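Review bot: The added `tls.options=modern@file` label on the `sso-server-websecure` router points at a TLS options set named `modern` that must exist in Traefik's file provider, and nothing in this diff shows where it is defined or what it enforces. Traefik selects TLS options per host name, and when routers for the same host name different options it falls back to the default options, so any other router for `${PUBLIC_DOMAIN}` should reference `modern@file` as well. I would add a comment above the label such as `# TLS policy "modern" is defined in the Traefik file provider; other routers for this host must use the same options`, and check Traefik's log for an unknown-TLS-options error after deploying. The label list of this service begins outside the hunk.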
@@ -1,48 +0,0 @@
-# SETTINGS from env.template
-# Misc configuration
-PUBLIC_DOMAIN=sso.test.s1q.dev
-COMPOSE_PROJECT_NAME=sso--test-s1q-dev
-
-# Server Versions
-AUTHENTIK_TAG=2025.6.4
-POSTGRES_TAG=16.9-alpine
-REDIS_TAG=8.0-alpine
-
-# Error reporting & Logging
-AUTHENTIK_ERROR_REPORTING__ENABLED=true
-AUTHENTIK_LOG_LEVEL=warning
-
-# Email configuration
-# SMTP Host Emails are sent to
-AUTHENTIK_EMAIL__HOST=mail.s1q.dev
-AUTHENTIK_EMAIL__PORT=25
-AUTHENTIK_EMAIL__USERNAME=sso@s1q.dev
-# Use StartTLS
-AUTHENTIK_EMAIL__USE_TLS=true
-# Use SSL
-AUTHENTIK_EMAIL__USE_SSL=false
-AUTHENTIK_EMAIL__TIMEOUT=10
-# Email address authentik will send from, should have a correct @domain
-AUTHENTIK_EMAIL__FROM=sso@s1q.dev
-
-# Exposed ports for Authentik -- Ports are note exposed due to traefik setup
-# COMPOSE_PORT_HTTP=80
-# COMPOSE_PORT_HTTPS=443
-
-# Liste settings
-AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS="172.18.0.0/16"
-
-
-# MaxMind GeoIP
-GEOIPUPDATE_ACCOUNT_ID=1093308
-
-
-# PostgreSQL configuration
-PG_USER=authentik
-PG_DB=authentik
-
-# Secrets -- uncomment and add secrets
-#PG_PASS=
-#AUTHENTIK_SECRET_KEY=
-#AUTHENTIK_EMAIL__PASSWORD=
-#GEOIPUPDATE_LICENSE_KEY=
diff --git a/env.prod.template b/prod.template.env
similarity index 97%
rename from env.prod.template
rename to prod.template.env
index deda0c8..d18bb0d 100644
--- a/env.prod.template
+++ b/prod.template.env
@@ -32,7 +32,7 @@ AUTHENTIK_EMAIL__FROM=sso@s1q.dev
 # MaxMind GeoIP
-GEOIPUPDATE_ACCOUNT_ID=1093308
+GEOIPUPDATE_ACCOUNT_ID=765001
 # PostgreSQL configuration
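Review bot: `GEOIPUPDATE_ACCOUNT_ID=765001` puts what looks like a live MaxMind account ID into a committed template. The ID is not a secret by itself, but it is half of the pair geoipupdate authenticates with (the other half being the license key), so if this template is shared more widely than the deployment it may be better to ship it blank, e.g. `GEOIPUPDATE_ACCOUNT_ID=` with a comment `# set to your MaxMind account ID`. The rest of the file is outside the hunk, so I cannot see whether the license key is kept out of the template here as it was in the removed env.test.template.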