diff --git a/Readme.md b/Readme.md
index 3a056c1..fb9d490 100644
--- a/Readme.md
+++ b/Readme.md
@@ -3,7 +3,7 @@ glicthtip 2.4.5 on debian 12 bookworm
 ## python 3.13
-
+this is probably unecessary
 ```shell
 apt update && apt upgrade -y
 apt install wget build-essential libreadline-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev libffi-dev zlib1g-dev -y
@@ -28,18 +28,22 @@ apt install -y acl build-essential libpq-dev libsasl2-dev libssl-dev nginx nodej
 ```shell
 su - postgres
 postgres@:~$ psql
-postgres=# CREATE DATABASE glitchtip;
+postgres=# CREATE DATABASE glitchtip WITH ENCODING 'UTF8' TEMPLATE template0;
 postgres=# CREATE USER glitchtip WITH ENCRYPTED PASSWORD '';
 postgres=# GRANT ALL PRIVILEGES ON DATABASE glitchtip TO glitchtip;
-
+postgres=# ALTER DATABASE glitchtip OWNER TO "glitchtip";
+postgres=# \c glitchtip
+postgres=# ALTER SCHEMA public OWNER TO "glitchtip";
 ```
 ## glitchtip
 ```shell
+su -
 useradd -m -s /bin/bash glitchtip
 mkdir /opt/glitchtip
 chown glitchtip:glitchtip /opt/glitchtip
+su - glitchtip
 ```
 ### frontend
 ```shell
@@ -66,7 +70,7 @@ uv sync
 #### set the env variables https://glitchtip.com/documentation/install#configuration
-```shel
+```shell
 vim .env
 ```
@@ -88,12 +92,144 @@ GLITCHTIP_DOMAIN="http://yourdomain.net"
 #### migrate db
 ```shell
 export $(cat .env | xargs)
-manage.py migrate
+./manage.py migrate
 ```
-```
+### collect static
+```shell
+ln -s /opt/glitchtip/glitchtip-frontend/dist/glitchtip-frontend/ dist
 mkdir /opt/glitchtip/glitchtip-backend/{static,media}
-manage.py collectstatic
+./manage.py collectstatic
+```
+
+#### gunicorn
+
+```shell
+mkdir /opt/glitchtip/runtime
+vim /opt/glitchtip/gunicon.py
+```
+
+```ini
+pidfile = "/opt/glitchtip/runtime/pid"
+bind = "unix:/opt/glitchtip/runtime/socket"
+proc_name = "glitchtip"
+worker_tmp_dir = "/dev/shm"
+workers = 3
+```
+
+#### systemd service
+```shell
+su -
+vim /etc/systemd/system/glitchtip.service
+```
+```ini
+[Unit]
+Description=glitchtip daemon
+After=network.target
+
+[Service]
+PIDFile=/opt/glitchtip/runtime/pidfile
+EnvironmentFile=/opt/glitchtip/glitchtip-backend/.env
+User=glitchtip
+Group=glitchtip
+RuntimeDirectory=glitchtip
+WorkingDirectory=/opt/glitchtip/glitchtip-backend
+ExecStart=/opt/glitchtip/glitchtip-backend/.venv/bin/gunicorn glitchtip.wsgi --config /opt/glitchtip/gunicorn.py
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s TERM $MAINPID
+PrivateTmp=true
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+```
+```shell
+sudo systemctl daemon-reload
+sudo systemctl start glitchtip
+sudo journalctl -u glitchtip
+sudo systemctl enable glitchtip
+```
+
+## nginx
+
+### letsencrypt
+because of the mess with python 3.13 i use special venv for certbot
+```shell
+cd /root
+python3.11 -m venv certbot-venv
+source certbot-venv/bin/activate
+pip install certbot
+systemctl stop nginx
+./certbot-venv/bin/certbot certonly --standalone -d your.domin.tld --cert-name your.domin.tld
+systemctl start nginx
+deactivate
+mkdir -p /etc/nginx/ssl/certs/your.domain.tld
+openssl dhparam -out /etc/nginx/ssl/certs/your.domain.tld/dhparam.pem 2048
+# renewing
+# touch /var/spool/cron/crontabs/root
+# crontab -l > mycron
+# echo "0 3 * * * 
certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
+# crontab mycron
+# rm mycron
+```
+
+### vhost
+```shell
+vim /etc/nginx/sites-available/your.domain.tld.conf
+```
+
+```nginx
+server {
+ listen 80;
+ listen [::]:80;
+ server_name your.domain.tld;
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+ server_name your.domain.tld;
+ access_log /var/log/nginx/your.domain.tld.access.log;
+ error_log /var/log/nginx/your.domain.tld.error.log;
+
+ ssl_certificate /etc/letsencrypt/live/your.domain.tld/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/your.domain.tld/privkey.pem;
+ ssl_dhparam /etc/nginx/ssl/certs/your.domain.tld/dhparam.pem;
+
+ add_header Strict-Transport-Security max-age=15768000;
+
+ location ~ /\.git {
+ deny all;
+ }
+
+ location / {
+ alias /opt/glitchtip/glitchtip-backend/static/;
+ try_files $uri $uri/index.html /index.html;
+ expires 1h;
+ add_header Pragma public;
+ add_header Cache-Control "public";
+ }
+ location /media/ {
+ alias /opt/glitchtip/glitchtip-backend/media/;
+ }
+
+ location ~ ^/(api|admin|_health|rest-auth)/ {
+ proxy_pass http://unix:/opt/glitchtip/runtime/socket;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
+```
+
+```shell
+ln -s /etc/nginx/sites-available/your.domain.tld.conf /etc/nginx/sites-enabled/
+nginx -t
+systemctl restart nginx
 ```
 ## sources