diff --git a/conf/.env.example b/conf/.env.example
index efe6539..acfef3a 100644
--- a/conf/.env.example
+++ b/conf/.env.example
@@ -2,12 +2,35 @@ APP_NAME=Lychee
 APP_ENV=production
 APP_KEY=
 APP_DEBUG=false
+# This MUST contain the host name up to the Top Level Domain (tld) e.g. .com, .org etc.
 APP_URL=https://__DOMAIN____PATH__
-APP_FORCE_HTTPS=true
+APP_FORCE_HTTPS=false
+
+# If using Lychee in a sub folder, specify the path after the tld here.
+# For example for https://lychee.test/path/to/lychee
+# Set APP_URL=https://lychee.test
+# and APP_DIR=/path/to/lychee
+# We (LycheeOrg) do not recommend the use of APP_DIR.
+# APP_DIR=
 
 # enable or disable debug bar. By default it is disabled.
+# Do note that this disable CSP!!
 DEBUGBAR_ENABLED=false
 
+# enable or disable the v5 layout.
+LIVEWIRE_ENABLED=true
+
+# enable or disable log viewer. By default it is enabled.
+LOG_VIEWER_ENABLED=true
+
+# enable s3 bucket (required in addition to needing AWS_ACCESS_KEY_ID)
+# S3_ENABLED=true
+
+# If you spread old links of to your albums in your Lychee instance starting with
+# https://lychee.text/#albumID/PhotoId
+# Set this value to true to enable redirection.
+LEGACY_V4_REDIRECT=false
+
 ##############################################################################
 # IMPORTANT: To migrate from Lychee v3 you *MUST* use the same MySQL/MariaDB #
 #            server as v3.                                                   #
@@ -29,7 +52,7 @@ DB_PASSWORD=__DB_PWD__
 DB_LOG_SQL=false
 
 # List foreign keys in diagnostic page
-#DB_LIST_FOREIGN_KEYS=true
+DB_LIST_FOREIGN_KEYS=false
 
 # Application timezone. If not specified, the server's default timezone is used.
 # Requires a named timezone identifier.
@@ -49,7 +72,7 @@ TIMEZONE=__TIMEZONE__
 # Some rare setups may require directories and files to be world writeable.
 # In this case, use "world" here.
 # USE WITH PRECAUTIONS: world writeable files and folders may be a SECURITY RISK.
-LYCHEE_IMAGE_VISIBILITY=public
+# LYCHEE_IMAGE_VISIBILITY=public
 
 # folders in which the files will be stored
 LYCHEE_UPLOADS="__DATA_DIR__/uploads/"
@@ -61,13 +84,17 @@ LYCHEE_DIST="__INSTALL_DIR__/public/dist/"
 # LYCHEE_SYM_URL="sym/"
 
 # Support for token based authentication used by API requests. Enabled by default.
-ENABLE_TOKEN_AUTH=false
+# ENABLE_TOKEN_AUTH=true
 
 CACHE_DRIVER=file
 SESSION_DRIVER=file
 SESSION_LIFETIME=120
+# `sync` if jobs needs to be executed live (default) or `database` if they can be defered.
+QUEUE_CONNECTION=sync
 
 SECURITY_HEADER_HSTS_ENABLE=false
+SECURITY_HEADER_CSP_CONNECT_SRC=
+SECURITY_HEADER_SCRIPT_SRC_ALLOW=
 SESSION_SECURE_COOKIE=false
 
 REDIS_HOST=127.0.0.1
@@ -92,3 +119,65 @@ TRUSTED_PROXIES=null
 
 # Comma-separated list of class names of diagnostics checks that should be skipped.
 #SKIP_DIAGNOSTICS_CHECKS=
+
+VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
+VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+
+# Oauth token data
+# XXX_REDIRECT_URI should be left as default unless you know exactly what you do.
+
+# AMAZON_SIGNIN_CLIENT_ID=
+# AMAZON_SIGNIN_SECRET=
+# AMAZON_SIGNIN_REDIRECT_URI=/auth/amazon/redirect
+
+# https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
+# Note: the client secret used for "Sign In with Apple" is a JWT token that can have a maximum lifetime of 6 months.
+# The article above explains how to generate the client secret on demand and you'll need to update this every 6 months.
+# To generate the client secret for each request, see Generating A Client Secret For Sign In With Apple On Each Request.
+# https://bannister.me/blog/generating-a-client-secret-for-sign-in-with-apple-on-each-request
+# APPLE_CLIENT_ID=
+# APPLE_CLIENT_SECRET=
+# APPLE_REDIRECT_URI=/auth/apple/redirect
+
+# FACEBOOK_CLIENT_ID=
+# FACEBOOK_CLIENT_SECRET=
+# FACEBOOK_REDIRECT_URI=/auth/facebook/redirect
+
+# GITHUB_CLIENT_ID=
+# GITHUB_CLIENT_SECRET=
+# GITHUB_REDIRECT_URI=/auth/github/redirect
+
+# GOOGLE_CLIENT_ID=
+# GOOGLE_CLIENT_SECRET=
+# GOOGLE_REDIRECT_URI=/auth/google/redirect
+
+# MASTODON_DOMAIN=https://mastodon.social
+# MASTODON_ID=
+# MASTODON_SECRET=
+# MASTODON_REDIRECT_URI=/auth/mastodon/redirect
+
+# MICROSOFT_CLIENT_ID=
+# MICROSOFT_CLIENT_SECRET=
+# MICROSOFT_REDIRECT_URI=/auth/microsoft/redirect
+
+# NEXTCLOUD_CLIENT_ID=  
+# NEXTCLOUD_CLIENT_SECRET=  
+# NEXTCLOUD_REDIRECT_URI=/auth/nextcloud/redirect
+# NEXTCLOUD_BASE_URI=
+
+# KEYCLOAK_CLIENT_ID=
+# KEYCLOAK_CLIENT_SECRET=
+# KEYCLOAK_REDIRECT_URI=/auth/keycloak/redirect
+# KEYCLOAK_BASE_URL=
+# KEYCLOAK_REALM=
+
+# AWS support data
+
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# AWS_DEFAULT_REGION=
+# AWS_BUCKET=
+# AWS_URL=
+# AWS_ENDPOINT=
+# AWS_IMAGE_VISIBILITY=
+# AWS_USE_PATH_STYLE_ENDPOINT=