diff --git a/debian/Dockerfile b/debian/Dockerfile
index 4a621a6..240427d 100644
--- a/debian/Dockerfile
+++ b/debian/Dockerfile
@@ -1,50 +1,51 @@
-FROM php:8.2-fpm AS base
+FROM php:8.3-fpm AS base
+
 ARG saxon=12.5.0
 
 # Install system dependencies
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     curl \
-    default-mysql-client \
-    fonts-liberation \
-    fonts-noto-cjk \
-    fonts-noto-cjk-extra \
-    fonts-wqy-microhei \
-    fonts-wqy-zenhei \
-    git \
     gnupg2 \
     gosu \
-    libasound2 \
-    libatk-bridge2.0-0 \
-    libatk1.0-0 \
-    libatspi2.0-0 \
-    libcups2 \
-    libdbus-1-3 \
-    libdrm2 \
-    libgbm1 \
-    libgtk-3-0 \
-    libnspr4 \
-    libnss3 \
-    libonig-dev \
-    libpng-dev \
-    libwayland-client0 \
-    libxcomposite1 \
-    libxdamage1 \
-    libxfixes3 \
-    libxkbcommon0 \
-    libxml2-dev \
-    libxrandr2 \
     supervisor \
-    unzip \
-    wget \
-    xdg-utils \
-    xfonts-wqy \
-    zip \
     && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
         mkdir -p /etc/apt/keyrings \
         && curl -fsSL https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /etc/apt/keyrings/google.gpg \
         && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
         && apt-get update \
-        && apt-get install -y google-chrome-stable; \
+        && apt-get install -y --no-install-recommends google-chrome-stable; \
+    fi \
+    && if [ "$(dpkg --print-architecture)" = "arm64" ]; then \
+        apt-get install -y --no-install-recommends \
+            default-mysql-client \
+            fonts-liberation \
+            fonts-noto-cjk \
+            fonts-noto-cjk-extra \
+            fonts-wqy-microhei \
+            fonts-wqy-zenhei \
+            libasound2 \
+            libatk-bridge2.0-0 \
+            libatk1.0-0 \
+            libatspi2.0-0 \
+            libcups2 \
+            libdbus-1-3 \
+            libdrm2 \
+            libgbm1 \
+            libgtk-3-0 \
+            libnspr4 \
+            libnss3 \
+            libonig-dev \
+            libpng-dev \
+            libwayland-client0 \
+            libxcomposite1 \
+            libxdamage1 \
+            libxfixes3 \
+            libxkbcommon0 \
+            libxml2-dev \
+            libxrandr2 \
+            supervisor \
+            xdg-utils \
+            xfonts-wqy; \
     fi \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
@@ -69,12 +70,10 @@ RUN mkdir -p /tmp/chrome \
     fi
 
 # Copy Install PHP extensions installer
-#COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
 ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
 
 # Install Required PHP extensions.
 RUN install-php-extensions \
-#RUN docker-php-ext-install \
     bcmath \
     exif \
     gd \
@@ -92,8 +91,6 @@ RUN install-php-extensions \
 
 # Configure PHP
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
-COPY php/php.ini /usr/local/etc/php/conf.d/app.ini
-COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
 
 # Copy scripts
 COPY rootfs /
diff --git a/debian/docker-compose.yml b/debian/docker-compose.yml
index 7ac4724..e5b96c0 100644
--- a/debian/docker-compose.yml
+++ b/debian/docker-compose.yml
@@ -6,13 +6,17 @@ x-logging: &default-logging
 
 services:
   app:
-    image: invoiceninja/invoiceninja-debian:latest
+    build:
+      context: .
+    image: invoiceninja/invoiceninja-debian:${TAG:-latest}
     restart: unless-stopped
     env_file:
       - ./.env
     volumes:
-      - ./.env:/var/www/html/.env
-      - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf
+      - ./.env:/var/www/html/.env:ro
+      - ./php/php.ini:/usr/local/etc/php/conf.d/zzz-php.ini:ro
+      - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/zzz-php-fpm.conf:ro
+      - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf:ro
       - app_storage:/var/www/html/storage
       - app_cache:/var/www/html/bootstrap/cache
       - image_public:/var/www/html/public:ro
@@ -23,10 +27,6 @@ services:
         condition: service_healthy
       redis:
         condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 512M
     logging: *default-logging
 
   nginx:
@@ -35,18 +35,13 @@ services:
     ports:
       - "80:80"
     volumes:
-      - ./nginx/conf.d:/etc/nginx/conf.d:ro
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./nginx:/etc/nginx/conf.d:ro
       - app_storage:/var/www/html/storage:ro
       - image_public:/var/www/html/public:ro
     networks:
       - app-network
     depends_on:
       - app
-    deploy:
-      resources:
-        limits:
-          memory: 128M
     logging: *default-logging
 
   mysql:
@@ -77,10 +72,6 @@ services:
       interval: 10s
       timeout: 5s
       retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 1G
     logging: *default-logging
 
   redis:
@@ -95,10 +86,6 @@ services:
       interval: 10s
       timeout: 5s
       retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 256M
     logging: *default-logging
 
 networks:
diff --git a/debian/nginx/conf.d/default.conf b/debian/nginx/conf.d/default.conf
deleted file mode 100644
index 2daeec3..0000000
--- a/debian/nginx/conf.d/default.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-server {
-
-    error_log  /var/log/nginx/error.log debug;
-    access_log /var/log/nginx/access.log;
-
-    listen 80 default_server;
-    server_name _;
-    
-    server_tokens off;
-    
-    root /var/www/html/public;
-    index index.php;
-
-    location / {
-        try_files $uri $uri/ /index.php?$query_string;
-    }
-
-    location = /favicon.ico { access_log off; log_not_found off; }
-    location = /robots.txt  { access_log off; log_not_found off; }
-
-
-    location ~* /storage/.*\.php$ {
-        return 503;
-    }
-
-    location ~ \.php$ {
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_pass app:9000;
-        fastcgi_index index.php;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_intercept_errors off;
-        fastcgi_buffer_size 16k;
-        fastcgi_buffers 4 16k;
-    }
-}
diff --git a/debian/nginx/invoiceninja.conf b/debian/nginx/invoiceninja.conf
new file mode 100644
index 0000000..8e4438c
--- /dev/null
+++ b/debian/nginx/invoiceninja.conf
@@ -0,0 +1,9 @@
+client_max_body_size 100M;
+client_body_buffer_size 100M;
+
+fastcgi_buffer_size 16k;
+fastcgi_buffers 4 16k;
+
+gzip on;
+
+server_tokens off;
diff --git a/debian/nginx/laravel.conf b/debian/nginx/laravel.conf
new file mode 100644
index 0000000..5ae6c0e
--- /dev/null
+++ b/debian/nginx/laravel.conf
@@ -0,0 +1,31 @@
+server {
+    listen 80 default_server;
+    server_name _;   
+    root /var/www/html/public;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+ 
+    charset utf-8;
+ 
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+ 
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+ 
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_pass app:9000;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}
diff --git a/debian/nginx/nginx.conf b/debian/nginx/nginx.conf
deleted file mode 100644
index 2ee6e48..0000000
--- a/debian/nginx/nginx.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-user nginx;
-worker_processes auto;
-error_log /var/log/nginx/error.log notice;
-pid /var/run/nginx.pid;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log;
-
-    sendfile on;
-    keepalive_timeout 65;
-    gzip on;
-
-    client_max_body_size 100M;
-    client_body_buffer_size 100M;
-
-    include /etc/nginx/conf.d/*.conf;
-}
diff --git a/debian/php/php-fpm.conf b/debian/php/php-fpm.conf
index 788d2f8..aa4e660 100644
--- a/debian/php/php-fpm.conf
+++ b/debian/php/php-fpm.conf
@@ -1,9 +1,2 @@
 [www]
-user = www-data
-group = www-data
-listen = 0.0.0.0:9000
-pm = dynamic
 pm.max_children = 10
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
\ No newline at end of file
diff --git a/debian/php/php.ini b/debian/php/php.ini
index da4ea75..12cf380 100644
--- a/debian/php/php.ini
+++ b/debian/php/php.ini
@@ -1,13 +1,8 @@
-session.auto_start = Off
-short_open_tag = Off
-
-error_reporting = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
+memory_limit=512M
 
 opcache.enable=1
 opcache.preload=/var/www/html/preload.php
 opcache.preload_user=www-data
-
-; ; The OPcache shared memory storage size.
 opcache.max_accelerated_files=300000
 opcache.validate_timestamps=1
 opcache.revalidate_freq=30
@@ -15,7 +10,5 @@ opcache.jit_buffer_size=256M
 opcache.jit=1205
 opcache.memory_consumption=1024M
 
-
 post_max_size = 60M
 upload_max_filesize = 50M
-memory_limit=512M
diff --git a/debian/supervisor/supervisord.conf b/debian/supervisor/supervisord.conf
index 02fea20..ffa858a 100644
--- a/debian/supervisor/supervisord.conf
+++ b/debian/supervisor/supervisord.conf
@@ -43,7 +43,6 @@ command=/bin/sh -c "while [ true ]; do (php /var/www/html/artisan schedule:run -
 autostart=true
 autorestart=true
 user=www-data
-redirect_stderr=true
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr