diff --git a/conf/env_api-gateway.env.sample b/conf/env_api-gateway.env.sample index 2534cc9..c906aa0 100644 --- a/conf/env_api-gateway.env.sample +++ b/conf/env_api-gateway.env.sample @@ -1,12 +1,23 @@ -Environment="__YNH_NODE_LOAD_PATH__" -PORT="__PORT_API_GATEWAY__" +__YNH_NODE_LOAD_PATH__ LOG_LEVEL="info" NODE_ENV="production" -NEW_RELIC_ENABLED=false -NEW_RELIC_APP_NAME="API Gateway" -NEW_RELIC_NO_CONFIG_FILE=true +PORT="__PORT_API_GATEWAY__" SYNCING_SERVER_JS_URL="http://localhost:__PORT_SYNCING_SERVER_JS__" AUTH_SERVER_URL="http://localhost:__PORT_AUTH__" +#PAYMENTS_SERVER_URL=http://payments:3000 + +HTTP_CALL_TIMEOUT=10000 + +AUTH_JWT_SECRET=__AUTH_JWT_SECRET__ + +# (Optional) New Relic Setup +NEW_RELIC_ENABLED=false +NEW_RELIC_APP_NAME="API Gateway" +NEW_RELIC_LICENSE_KEY= +NEW_RELIC_NO_CONFIG_FILE=true +NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false +NEW_RELIC_LOG_ENABLED=false +NEW_RELIC_LOG_LEVEL=info diff --git a/conf/env_auth-worker.env.sample b/conf/env_auth-worker.env.sample index 4363022..a8de7f2 100644 --- a/conf/env_auth-worker.env.sample +++ b/conf/env_auth-worker.env.sample 
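Review bot: `AUTH_JWT_SECRET=__AUTH_JWT_SECRET__` only resolves when the rendering script has an `auth_jwt_secret` value, and the only place this diff generates one is the fresh-install path in scripts/install. The same placeholder is added to the auth, auth-worker and both syncing-server templates. No upgrade or restore change is visible here, so if an existing install is re-templated without that setting, the literal token could become the JWT secret shared by all of these services. The upgrade path should create and store the setting when it is missing, and the script should abort if any `__...__` token survives in a rendered `.env`.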
@@ -1,33 +1,59 @@ -Environment="__YNH_NODE_LOAD_PATH__" -PORT="__PORT_AUTH__" +__YNH_NODE_LOAD_PATH__ LOG_LEVEL="info" NODE_ENV="production" -AUTH_JWT_TTL=60000 JWT_SECRET=__JWT_SECRET__ -LEGACY_JWT_SECRET=__LEGACY_JWT_SECTRET__ - -NEW_RELIC_ENABLED=false -NEW_RELIC_APP_NAME=Auth -NEW_RELIC_NO_CONFIG_FILE=true - -REDIS_EVENTS_CHANNEL="auth-events" - -DISABLE_USER_REGISTRATION=false - -PSEUDO_KEY_PARAMS_KEY=__PSEUDO_KEY_PARAMS_KEY__ - -ACCESS_TOKEN_AGE=5184000 -REFRESH_TOKEN_AGE=31556926 - -MAX_LOGIN_ATTEMPTS=6 -FAILED_LOGIN_LOCKOUT=3600 - -EPHEMERAL_SESSION_AGE=259200 +LEGACY_JWT_SECRET=__LEGACY_JWT_SECRET__ +AUTH_JWT_SECRET=__AUTH_JWT_SECRET__ +AUTH_JWT_TTL=60 # Must be a hex string exactly 32 bytes long # e.g. feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 ENCRYPTION_SERVER_KEY=__ENCRYPTION_SERVER_KEY__ +PORT="__PORT_AUTH_WORKER__" + +DB_HOST=127.0.0.1 +DB_REPLICA_HOST=127.0.0.1 +DB_PORT=3306 +DB_USERNAME=auth +DB_PASSWORD=changeme123 +DB_DATABASE=auth +DB_DEBUG_LEVEL=all # "all" | "query" | "schema" | "error" | "warn" | "info" | "log" | "migration" +DB_MIGRATIONS_PATH=dist/migrations/*.js + +REDIS_URL=redis://localhost:6379/__REDIS_DB__ + +DISABLE_USER_REGISTRATION=false + +ACCESS_TOKEN_AGE=5184000 +REFRESH_TOKEN_AGE=31556926 + +EPHEMERAL_SESSION_AGE=259200 + +MAX_LOGIN_ATTEMPTS=6 +FAILED_LOGIN_LOCKOUT=3600 + +PSEUDO_KEY_PARAMS_KEY=__PSEUDO_KEY_PARAMS_KEY__ + +SNS_TOPIC_ARN= +SNS_AWS_REGION= +SQS_QUEUE_URL= +SQS_AWS_REGION= + +USER_SERVER_REGISTRATION_URL= +USER_SERVER_AUTH_KEY= + SYNCING_SERVER_URL=http://localhost:__PORT_SYNCING_SERVER_JS__ + +REDIS_EVENTS_CHANNEL=events + +# (Optional) New Relic Setup +NEW_RELIC_ENABLED=false +NEW_RELIC_APP_NAME=Auth +NEW_RELIC_LICENSE_KEY= +NEW_RELIC_NO_CONFIG_FILE=true +NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false +NEW_RELIC_LOG_ENABLED=false +NEW_RELIC_LOG_LEVEL=info diff --git a/conf/env_auth.env.sample b/conf/env_auth.env.sample index 1928eea..8eab6b0 100644 --- a/conf/env_auth.env.sample 
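Review bot: `DB_PASSWORD=changeme123` is a fixed literal in the added DB block, whereas the other secrets in this template are `__NAME__` placeholders filled at install time. Unless a step outside this diff rewrites it, the service either fails to connect or every install shares one published password. conf/env_auth.env.sample adds the same line. Templating the credentials would avoid this, e.g. `DB_PASSWORD=__DB_PWD__` (placeholder name to match whatever the install script defines), and likewise for `DB_USERNAME` and `DB_DATABASE`. `DB_DEBUG_LEVEL=all` next to `NODE_ENV="production"` also looks likely to log full queries; `DB_DEBUG_LEVEL=error` is a safer default, with the option list on its own comment line, because a systemd EnvironmentFile (if this file is loaded as one, as the syncing-server-js unit does) keeps trailing `# ...` text as part of the value.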
+++ b/conf/env_auth.env.sample @@ -1,33 +1,59 @@ -Environment="__YNH_NODE_LOAD_PATH__" -PORT="__PORT_AUTH_WORKER__" +__YNH_NODE_LOAD_PATH__ LOG_LEVEL="info" NODE_ENV="production" -AUTH_JWT_TTL=60000 JWT_SECRET=__JWT_SECRET__ -LEGACY_JWT_SECRET=__LEGACY_JWT_SECTRET__ - -NEW_RELIC_ENABLED=false -NEW_RELIC_APP_NAME=Auth -NEW_RELIC_NO_CONFIG_FILE=true - -REDIS_EVENTS_CHANNEL="auth-events" - -DISABLE_USER_REGISTRATION=false - -PSEUDO_KEY_PARAMS_KEY=__PSEUDO_KEY_PARAMS_KEY__ - -ACCESS_TOKEN_AGE=5184000 -REFRESH_TOKEN_AGE=31556926 - -MAX_LOGIN_ATTEMPTS=6 -FAILED_LOGIN_LOCKOUT=3600 - -EPHEMERAL_SESSION_AGE=259200 +LEGACY_JWT_SECRET=__LEGACY_JWT_SECRET__ +AUTH_JWT_SECRET=__AUTH_JWT_SECRET__ +AUTH_JWT_TTL=60 # Must be a hex string exactly 32 bytes long # e.g. feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 ENCRYPTION_SERVER_KEY=__ENCRYPTION_SERVER_KEY__ +PORT="__PORT_AUTH__" + +DB_HOST=127.0.0.1 +DB_REPLICA_HOST=127.0.0.1 +DB_PORT=3306 +DB_USERNAME=auth +DB_PASSWORD=changeme123 +DB_DATABASE=auth +DB_DEBUG_LEVEL=all # "all" | "query" | "schema" | "error" | "warn" | "info" | "log" | "migration" +DB_MIGRATIONS_PATH=dist/migrations/*.js + +REDIS_URL=redis://localhost:6379/__REDIS_DB__ + +DISABLE_USER_REGISTRATION=false + +ACCESS_TOKEN_AGE=5184000 +REFRESH_TOKEN_AGE=31556926 + +EPHEMERAL_SESSION_AGE=259200 + +MAX_LOGIN_ATTEMPTS=6 +FAILED_LOGIN_LOCKOUT=3600 + +PSEUDO_KEY_PARAMS_KEY=__PSEUDO_KEY_PARAMS_KEY__ + +SNS_TOPIC_ARN= +SNS_AWS_REGION= +SQS_QUEUE_URL= +SQS_AWS_REGION= + +USER_SERVER_REGISTRATION_URL= +USER_SERVER_AUTH_KEY= + SYNCING_SERVER_URL=http://localhost:__PORT_SYNCING_SERVER_JS__ + +REDIS_EVENTS_CHANNEL=events + +# (Optional) New Relic Setup +NEW_RELIC_ENABLED=false +NEW_RELIC_APP_NAME=Auth +NEW_RELIC_LICENSE_KEY= +NEW_RELIC_NO_CONFIG_FILE=true +NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false +NEW_RELIC_LOG_ENABLED=false +NEW_RELIC_LOG_LEVEL=info 
diff --git a/conf/env_syncing-server-js-worker.env.sample b/conf/env_syncing-server-js-worker.env.sample index dd41d4f..a441e14 100644 --- a/conf/env_syncing-server-js-worker.env.sample +++ b/conf/env_syncing-server-js-worker.env.sample @@ -1,12 +1,11 @@ -Environment="__YNH_NODE_LOAD_PATH__" -PORT="__PORT_SYNCING_SERVER_JS__" +__YNH_NODE_LOAD_PATH__ LOG_LEVEL="info" NODE_ENV="production" -AUTH_JWT_SECRET=__JWT_SECRET__ +AUTH_JWT_SECRET=__AUTH_JWT_SECRET__ -EXPOSED_PORT=__PORT_SYNCING_SERVER_JS__ +PORT=__PORT_SYNCING_SERVER_JS_WORKER__ DB_HOST=localhost DB_REPLICA_HOST=localhost @@ -28,6 +27,8 @@ S3_BACKUP_BUCKET_NAME= REDIS_EVENTS_CHANNEL=events +INTERNAL_DNS_REROUTE_ENABLED=false +#EXTENSIONS_SERVER_URL=http://extensions-server:3004 AUTH_SERVER_URL=http://localhost:__PORT_AUTH__ EMAIL_ATTACHMENT_MAX_BYTE_SIZE=10485760 diff --git a/conf/env_syncing-server-js.env.sample b/conf/env_syncing-server-js.env.sample index dd41d4f..0894d75 100644 --- a/conf/env_syncing-server-js.env.sample +++ b/conf/env_syncing-server-js.env.sample @@ -1,12 +1,11 @@ -Environment="__YNH_NODE_LOAD_PATH__" -PORT="__PORT_SYNCING_SERVER_JS__" +__YNH_NODE_LOAD_PATH__ LOG_LEVEL="info" NODE_ENV="production" -AUTH_JWT_SECRET=__JWT_SECRET__ +AUTH_JWT_SECRET=__AUTH_JWT_SECRET__ -EXPOSED_PORT=__PORT_SYNCING_SERVER_JS__ +PORT=__PORT_SYNCING_SERVER_JS__ DB_HOST=localhost DB_REPLICA_HOST=localhost @@ -28,6 +27,8 @@ S3_BACKUP_BUCKET_NAME= REDIS_EVENTS_CHANNEL=events +INTERNAL_DNS_REROUTE_ENABLED=false +#EXTENSIONS_SERVER_URL=http://extensions-server:3004 AUTH_SERVER_URL=http://localhost:__PORT_AUTH__ EMAIL_ATTACHMENT_MAX_BYTE_SIZE=10485760 diff --git a/conf/nginx.conf b/conf/nginx.conf index cdc7768..0812049 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -5,7 +5,7 @@ location __PATH__/ { rewrite ^ https://$server_name$request_uri? permanent; } - proxy_pass http://127.0.0.1:__PORT____PATH__/; + proxy_pass http://127.0.0.1:__PORT_API_GATEWAY__/; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; diff --git a/conf/systemd_syncing-server-js.service b/conf/systemd_syncing-server-js.service index 51e94ba..aeefe81 100644 --- a/conf/systemd_syncing-server-js.service +++ b/conf/systemd_syncing-server-js.service @@ -12,7 +12,7 @@ WorkingDirectory=__FINALPATH__/live/syncing-server-js EnvironmentFile=__FINALPATH__/live/syncing-server-js/.env ExecStart=/usr/bin/yarn start StandardOutput=append:/var/log/__APP__/syncing-server-js.log -StandardError=append:inherit +StandardError=inherit Restart=always [Install] diff --git a/scripts/install b/scripts/install index e65b5a1..7d5b2cf 100755 --- a/scripts/install +++ b/scripts/install @@ -88,6 +88,14 @@ ynh_install_app_dependencies $pkg_dependencies ynh_install_nodejs --nodejs_version=$NODEJS_VERSION ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a system user +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # CREATE A MYSQL DATABASE #================================================= 
@@ -112,6 +120,10 @@ ynh_setup_source --source_id=app_auth --dest_dir="$final_path/live/auth" ynh_setup_source --source_id=app_auth --dest_dir="$final_path/live/auth-worker" ynh_setup_source --source_id=app_api-gateway --dest_dir="$final_path/live/api-gateway" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -120,14 +132,6 @@ ynh_script_progression --message="Configuring nginx web server..." --weight=3 # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir=$final_path - #================================================= # SPECIFIC SETUP #================================================= 
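Review bot: The `.env` files that will hold the JWT and encryption secrets are not covered by this permission pass, because `chmod 750`, `chmod -R o-rwx` and `chown -R $app:$app` run right after the sources are unpacked, while the `config_*` paths are only set up further down the script. The code that writes those files is outside this hunk; if it does not already restrict them, each one should be locked down after it is written, e.g. `chmod 400 "$config_auth"` followed by `chown "$app:$app" "$config_auth"`. Quoting `"$app:$app"` in the added `chown` would also match the quoted `"$final_path"` beside it.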
@@ -143,13 +147,15 @@ config_auth_worker="$final_path/live/auth-worker/.env" config_api_gateway="$final_path/live/api-gateway/.env" -jwt_sectret=$(ynh_string_random --length=48 | base64) -legacy_jwt_sectret=$(ynh_string_random --length=48 | base64) +jwt_secret=$(ynh_string_random --length=48 | base64) +legacy_jwt_secret=$(ynh_string_random --length=48 | base64) +auth_jwt_secret=$(ynh_string_random --length=48 | base64) pseudo_key_params_key=$(ynh_string_random --length=48 | base64) -encryption_server_key=$(ynh_string_random --length=32 | base64) +encryption_server_key=$(ynh_string_random --length=64 | base64) -ynh_app_setting_set --app=$app --key=jwt_sectret --value=$jwt_sectret -ynh_app_setting_set --app=$app --key=legacy_jwt_sectret --value=$legacy_jwt_sectret +ynh_app_setting_set --app=$app --key=jwt_secret --value=$jwt_secret +ynh_app_setting_set --app=$app --key=legacy_jwt_secret --value=$legacy_jwt_secret +ynh_app_setting_set --app=$app --key=auth_jwt_secret --value=$auth_jwt_secret ynh_app_setting_set --app=$app --key=pseudo_key_params_key --value=$pseudo_key_params_key ynh_app_setting_set --app=$app --key=encryption_server_key --value=$encryption_server_key 
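Review bot: `encryption_server_key=$(ynh_string_random --length=64 | base64)` does not produce the format the env templates document for `ENCRYPTION_SERVER_KEY`, which is a hex string exactly 32 bytes long. It yields base64 text of 64 random characters, about 88 characters of output, which is past base64's default 76-column wrap, so the value contains an embedded newline that the unquoted `--value=$encryption_server_key` then word-splits. Generating hex directly matches the stated format, e.g. `encryption_server_key=$(openssl rand -hex 32)`, assuming openssl is available on the target. The `--value=` arguments for all of these secrets should be quoted, e.g. `--value="$auth_jwt_secret"`. How the key is consumed when the `.env` is rendered is outside this hunk.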
@@ -242,11 +248,11 @@ ynh_add_systemd_config --service="$app-api-gateway" --template="systemd_api-gate ynh_script_progression --message="Storing the config file checksum..." --weight=1 # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$onfig_syncing_server_js" -ynh_store_file_checksum --file="$onfig_syncing_server_js_worker" -ynh_store_file_checksum --file="$onfig_auth" -ynh_store_file_checksum --file="$onfig_auth_worker" -ynh_store_file_checksum --file="$onfig_api_gateway" +ynh_store_file_checksum --file="$config_syncing_server_js" +ynh_store_file_checksum --file="$config_syncing_server_js_worker" +ynh_store_file_checksum --file="$config_auth" +ynh_store_file_checksum --file="$config_auth_worker" +ynh_store_file_checksum --file="$config_api_gateway" ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= @@ -321,8 +327,8 @@ fi ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name="$app-syncing-server-js" --action="start" --log_path="/var/log/$app/sycing-server-js.log" -ynh_systemd_action --service_name="$app-syncing-server-js-worker" --action="start" --log_path="/var/log/$app/sycing-server-js-worker.log" +ynh_systemd_action --service_name="$app-syncing-server-js" --action="start" --log_path="/var/log/$app/syncing-server-js.log" +ynh_systemd_action --service_name="$app-syncing-server-js-worker" --action="start" --log_path="/var/log/$app/syncing-server-js-worker.log" ynh_systemd_action --service_name="$app-auth" --action="start" --log_path="/var/log/$app/auth.log" ynh_systemd_action --service_name="$app-auth-worker" --action="start" --log_path="/var/log/$app/auth-worker.log" ynh_systemd_action --service_name="$app-api-gateway" --action="start" --log_path="/var/log/$app/api-gateway.log" 
@@ -359,7 +365,7 @@ Please setup the Access-Domain for the extensions in the __URL_TAG1__config-pane echo -e "\ Standard Notes - Syncing Server was successfully installed.\n\ -Please configure the Standard Notes web app or mobile app to use this syning server: https://$domain$path_url/\n\ +Please configure the Standard Notes web app or mobile app to use this syncing server: https://$domain$path_url/\n\ $config_panel\n\n\ $admin_mail_info\ " > message