Merge remote-tracking branch 'upstream/main' into feat/authentik-idp

2026-04-29 13:56:36 +00:00 · 2023-05-25 16:09:37 +03:00
parent c506d3ee16 b7e8d09673
commit 69a9f26951
166 changed files with 428 additions and 322 deletions
--- a/src/pages/_app.jsx
+++ b/src/pages/_app.jsx
@@ -23,12 +23,9 @@ export default function App({ Component, pageProps }) {
  return (
    <>
      <Head>
-        {router.pathname === '/' ? (
-          <title>NetBird Docs</title>
-        ) : (
-            router.pathname.startsWith('/docs') ?
-          <title>{`${pageProps.title} - NetBird Docs`}</title> : <title>{`${pageProps.title} - NetBird API`}</title>
-        )}
+        {router.route.startsWith('/ipa') ?
+            <title>{`${pageProps.title} - NetBird API`}</title> : <title>{`${pageProps.title} - NetBird Docs`}</title>
+        }
        <meta name="description" content={pageProps.description} />
      </Head>
      <MDXProvider components={mdxComponents}>
--- a/src/pages/_document.jsx
+++ b/src/pages/_document.jsx
@@ -40,6 +40,7 @@ export default function Document() {
    <Html lang="en">
      <Head>
        <script dangerouslySetInnerHTML={{ __html: modeScript }} />
+          <link rel="shortcut icon" href="/docs-static/img/favicon.ico" />
      </Head>
      <body className="bg-white antialiased dark:bg-zinc-900">
        <Main />
--- a/src/pages/docs/about-netbird/faq.mdx
+++ b/src/pages/docs/about-netbird/faq.mdx
@@ -8,7 +8,7 @@ export const title = 'FAQ'
 NetBird's agent doesn't require any incoming port to be open; It negotiates the connection with the support of the signal and relay services.
 ### Outgoing ports
 NetBird usually won't need open ports, but sometimes you or your IT team needs to secure and verify
-all outgoing traffic, and that may affect how NetBird clients connect to the [control layer](/docs/about-netbird/how-netbird-works)
+all outgoing traffic, and that may affect how NetBird clients connect to the [control layer](/about-netbird/how-netbird-works)
 and negotiate the peer-to-peer connections.

 Below is the list of NetBird hosted endpoints and ports they listen to:
--- a/src/pages/docs/about-netbird/how-netbird-works.mdx
+++ b/src/pages/docs/about-netbird/how-netbird-works.mdx
@@ -18,16 +18,16 @@ A **Peer** is a machine or any device that is connected to the network.
 It can be a Linux server running in the cloud or on-premises, a personal laptop, or even a Raspberry PI.

 <p>
-    <img src="/img/architecture/high-level-dia.png" alt="high-level-dia" width="781" style={{boxShadow: '0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19)'}}/>
+    <img src="/docs-static/img/architecture/high-level-dia.png" alt="high-level-dia" width="781" style={{boxShadow: '0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19)'}}/>
 </p>

 With NetBird clients installed and authorized on the Management service, machines form a mesh network connecting to each other directly via an encrypted point-to-point Wireguard tunnel.

 <p>
-    <img src="/img/architecture/mesh.png" alt="high-level-dia" style={{boxShadow: '0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19)'}}/>
+    <img src="/docs-static/img/architecture/mesh.png" alt="high-level-dia" style={{boxShadow: '0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19)'}}/>
 </p>

-While it is possible to create a full mesh network, it might be not a desirable outcome. In this case, [ACLs](/docs/how-to/restrict-access-to-peers) can be utilized to limit the access to certain machines.
+While it is possible to create a full mesh network, it might be not a desirable outcome. In this case, [ACLs](/how-to/manage-network-access) can be utilized to limit the access to certain machines.

 Let's now take a closer look at each of NetBird's components.

@@ -39,7 +39,7 @@ It keeps the network state, public Wireguard keys of the peers, authenticates an
 The Management Service's responsibilities include:

 * **Registering and authenticating new peers.**  Every new machine has to register itself in the network in order to connect to other machines.
-After installation, NetBird client requires login that can be done through Identity Provider (IDP) or with a [setup key](/docs/how-to/register-peers-using-setup-keys).
+After installation, NetBird client requires login that can be done through Identity Provider (IDP) or with a [setup key](/how-to/register-machines-using-setup-keys).
 * **Keeping the network map.** The Management service stores information about all the registered peers including Wireguard public key that was sent during the registration process.
 * **Managing private IP addresses.** Each peer receives a unique private IP with which it can be identified in the network.
 We use [Carrier Grade NAT](https://en.wikipedia.org/wiki/Carrier-grade_NAT) address space with an allocated address block <em>100.64.0.0/10</em>.
@@ -54,7 +54,7 @@ After that, they are able to establish a connection to the new peer.
 The Management service runs in the cloud NetBird-managed. It can also be self-hosted.

 <p>
-    <img src="/img/architecture/management.png" alt="management-dia" style={{boxShadow: '0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19)'}}/>
+    <img src="/docs-static/img/architecture/management.png" alt="management-dia" style={{boxShadow: '0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19)'}}/>
 </p>

 ### Client Application
@@ -88,14 +88,14 @@ The only Signal's responsibility is:
 This is done through Signal. After a connection has been established, Signal steps out.

 <p>
-    <img src="/img/architecture/signal.png" alt="signal-dia" style={{boxShadow: '0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19)'}}/>
+    <img src="/docs-static/img/architecture/signal.png" alt="signal-dia" style={{boxShadow: '0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19)'}}/>
 </p>

 <Note>
    Messages that are sent over Signal are **peer-to-peer encrypted**, so Signal can't see the contents.
 </Note>

-NetBird Signal is very similar to the signaling servers used in [WebRTC](https://developer.mozilla.org/en-US/docs/Web/API/WebRTC_API/Signaling_and_video_calling#the_signaling_server).
+NetBird Signal is very similar to the signaling servers used in [WebRTC](https://developer.mozilla.org/en-US/Web/API/WebRTC_API/Signaling_and_video_calling#the_signaling_server).
 It runs in the cloud NetBird-managed and can be self-hosted.

 ### Relay Service
@@ -105,7 +105,7 @@ In fact, we use an open-source implementation called [Coturn](https://github.com
 The purpose of this service is to be a "plan B" and relay traffic between peers in case a peer-to-peer connection isn't possible.

 <p>
-    <img src="/img/architecture/relay.png" alt="relay-dia" style={{boxShadow: '0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19)'}}/>
+    <img src="/docs-static/img/architecture/relay.png" alt="relay-dia" style={{boxShadow: '0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19)'}}/>
 </p>

 <Note>
@@ -123,7 +123,7 @@ Below is a high level, step-by-step overview of the flow of communications withi

 1. Administrator creates an account at [app.netbird.io](https://app.netbird.io/).
 2. The system automatically generates a new network with an allocated address block <em>100.64.0.0/10</em>.
-3. The system automatically generates 2 [setup keys](/docs/how-to/register-peers-using-setup-keys) that can be used for authenticating new machines.
+3. The system automatically generates 2 [setup keys](/how-to/register-machines-using-setup-keys) that can be used for authenticating new machines.
 4. Administrator (or a user) installs NetBird client and runs ```netbird up``` command providing one of the setup keys.
 5. NetBird client generates Wireguard private and public keys along with the initial configuration.
 6. NetBird client sends a registration request to the NetBird Management service calling Login gRPC endpoint, providing setup key, Wireguard public key and additional information about the machine.
--- a/src/pages/docs/about-netbird/netbird-vs-traditional-vpn.mdx
+++ b/src/pages/docs/about-netbird/netbird-vs-traditional-vpn.mdx
@@ -23,7 +23,7 @@ To achieve this, NetBird client applications employ signalling servers to find o
 These are similar to the signaling servers used in [WebRTC](https://developer.mozilla.org/en-US/docs/Web/API/WebRTC_API/Signaling_and_video_calling#the_signaling_server)

 Thanks to [NAT traversal techniques](https://en.wikipedia.org/wiki/NAT_traversal),
-outlined in the [Why Wireguard with NetBird](/docs/about-netbird/why-wireguard-with-netbird) section,
+outlined in the [Why Wireguard with NetBird](/about-netbird/why-wireguard-with-netbird) section,
 NetBird installation doesn't require complex network and firewall configuration.
 It just works, minimising the maintenance effort.

--- a/src/pages/docs/about-netbird/other.mdx
+++ b/src/pages/docs/about-netbird/other.mdx
@@ -21,7 +21,7 @@ The goal of the task is to get familiar with the system by setting up a self-hos
 It is possible to set up multiple peers on the same machine. Find out how!
 </Note>
 4. Ping machines and make sure that they are reachable.
-5. We might ask you to provide a generated [setup key](/docs/how-to/setup-keys) so that we could test your setup.
+5. We might ask you to provide a generated [setup key](/how-to/setup-keys) so that we could test your setup.

 Please reach out to us with any questions. We believe you will have some! :)

--- a/src/pages/docs/about-netbird/why-wireguard-with-netbird.mdx
+++ b/src/pages/docs/about-netbird/why-wireguard-with-netbird.mdx
--- a/src/pages/docs/how-to/access-netbird-public-api.mdx
+++ b/src/pages/docs/how-to/access-netbird-public-api.mdx
@@ -3,7 +3,7 @@

 ## Service Users

-Service users are non-interactive accounts that are used to create tokens to access resources and perform actions within your organization's network using NetBird's public API.
+Service users are non-interactive accounts that are used to create tokens to access resources and perform actions within your organization's network using [NetBird's public API](/api).

 Service users provide additional security by allowing you to limit the scope of access granted to the service user and void losing automated access to critical systems when employees leave the company.

@@ -22,14 +22,14 @@ The most common usage scenarios:

 To create a service user, you'll need to log in to your organization's account at https://app.netbird.io and navigate to the "Users" -> "Service Users" section of your account.
 <p>
-    <img src="/img/overview/service-user-overview.png" alt="service-user-overview" width="780" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/service-user-overview.png" alt="service-user-overview" width="780" class="imagewrapper"/>
 </p>

 From there, you can create a new service user and specify a role that the user should have.
 User role allows read-only access, use the admin for write access.

 <p>
-    <img src="/img/overview/service-user-creation.png" alt="service-user-creation-popup" width="400" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/service-user-creation.png" alt="service-user-creation-popup" width="400" class="imagewrapper"/>
 </p>

 <Note>
@@ -41,20 +41,20 @@ User role allows read-only access, use the admin for write access.
 To create an access token, you'll need to log in to your account and navigate to the "Users" section and look for your user or create a [service user](#service-users) to use for your API requests.

 <p>
-    <img src="/img/overview/personal-access-token-overview.png" alt="personal-access-token-overview" width="780" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/personal-access-token-overview.png" alt="personal-access-token-overview" width="780" class="imagewrapper"/>
 </p>

 From there, you can create a new token and specify expiration for the token. You won't be able to modify your token.

 <p>
-    <img src="/img/overview/personal-access-token-creation.png" alt="personal-access-creation-popup" width="400" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/personal-access-token-creation.png" alt="personal-access-creation-popup" width="400" class="imagewrapper"/>
 </p>

 After the token was generated successfully you will see a plain version of your token to copy and store in a secure place.
 Be aware that once you close the popup it is impossible to see the plain version of the token again as NetBird only stores a hashed version of the token.

 <p>
-    <img src="/img/overview/personal-access-token-example.png" alt="personal-access-token-example" width="400" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/personal-access-token-example.png" alt="personal-access-token-example" width="400" class="imagewrapper"/>
 </p>

 <Note>
@@ -63,7 +63,7 @@ Be aware that once you close the popup it is impossible to see the plain version

 ### Using access tokens

-Once you have created an access token, you can use it to authenticate API requests to NetBird. See [NetBird API](/ipa/introduction) documentation for detailed usage.
+Once you have created an access token, you can use it to authenticate API requests to NetBird. See [NetBird API](/api/introduction) documentation for detailed usage.

 For example, if you were using the GitHub API, you might include your personal access token like this:

--- a/src/pages/how-to/add-machines-to-your-network.mdx
+++ b/src/pages/how-to/add-machines-to-your-network.mdx
@@ -0,0 +1,48 @@
+
+# Add machines to your NetBird network
+
+Whether you have a network for personal use or manage your company's corporate network, you'd probably want to add machines
+(or peers in NetBird's terms) to your network.
+
+NetBird peer is a machine that runs the [NetBird agent](/about-netbird/how-netbird-works#client-application)
+and is connected to the network. NetBird peer can be a virtual machine running in the cloud like AWS or Google Cloud,
+an Android or iOS device, a personal laptop, a single-board computer like Raspberry Pi, a docker container, or even a router.
+
+## Use NetBird web UI to add new peers
+
+To add a new peer to your network follow these steps:
+1. Sign-in you NetBird account at https://app.netbird.io/ and go to the Peers tab.
+2. Hit `Add new peer` button
+
+<p>
+    <img src="/docs-static/img/how-to-guides/add-new-peer-empty.png" alt="high-level-dia" class="imagewrapper"/>
+</p>
+
+3. Follow the instructions
+
+<p>
+    <img src="/docs-static/img/how-to-guides/add-new-peer-popup.png" alt="high-level-dia" width="700" class="imagewrapper"/>
+</p>
+
+4. Refresh the Peers tab, and it will display new machines
+
+<p>
+    <img src="/docs-static/img/how-to-guides/peer-list.png" alt="high-level-dia" class="imagewrapper"/>
+</p>
+
+
+## What's next?
+
+Here are a few links that might be handy as you venture further into NetBird:
+
+- [Add users to your network](/how-to/add-users-to-your-network)
+- [Use setup keys to automate NetBird deployments](/how-to/register-machines-using-setup-keys)
+
+<p float="center" >
+    <Button name="button" className="button-5" onClick={() => window.open("https://netbird.io/pricing")}>Try NetBird</Button>
+</p>
+
+- Make sure to [star us on GitHub](https://github.com/netbirdio/netbird)
+- Follow us [on Twitter](https://twitter.com/netbird)
+- Join our [Slack Channel](https://join.slack.com/t/netbirdio/shared_invite/zt-vrahf41g-ik1v7fV8du6t0RwxSrJ96A)
+- NetBird [latest release](https://github.com/netbirdio/netbird/releases) on GitHub
--- a/src/pages/docs/how-to/add-users-to-your-network.mdx
+++ b/src/pages/docs/how-to/add-users-to-your-network.mdx
@@ -34,7 +34,7 @@ The invited users will receive an email invitation that they have to confirm.
 After logging in to the system, they will join your network automatically.

 <p>
-    <img src="/img/how-to-guides/user-invites.gif" alt="high-level-dia" width="800" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/user-invites.gif" alt="high-level-dia" width="800" class="imagewrapper"/>
 </p>

 <Note>
--- a/src/pages/docs/how-to/cli.mdx
+++ b/src/pages/docs/how-to/cli.mdx
@@ -26,8 +26,8 @@ Below is the list of global flags:
      --admin-url string        Admin Panel URL [http|https]://[host]:[port] (default "https://app.netbird.io")
  -c, --config string           Netbird config file location (default "/etc/netbird/config.json")
      --daemon-addr string      Daemon service address to serve CLI requests [unix|tcp]://[path|host:port] (default "unix:///var/run/netbird.sock")
-      --log-file string         sets Netbird log path. If console is specified the the log will be output to stdout (default "/var/log/netbird/client.log")
-  -l, --log-level string        sets Netbird log level (default "info")
+      --log-file string         sets NetBird log path. If console is specified the the log will be output to stdout (default "/var/log/netbird/client.log")
+  -l, --log-level string        sets NetBird log level (default "info")
  -m, --management-url string   Management Service URL [http|https]://[host]:[port] (default "https://api.wiretrustee.com:443")
  -p, --preshared-key string    Sets Wireguard PreSharedKey property. If set, then only peers that have the same key can communicate.
  -k, --setup-key string        Setup key obtained from the Management Service Dashboard (used to register peer)
--- a/src/pages/docs/how-to/enforce-periodic-user-authentication.mdx
+++ b/src/pages/docs/how-to/enforce-periodic-user-authentication.mdx
@@ -5,13 +5,13 @@ To ensure a high level of security, NetBird offers a peer login expiration featu
 Every new network has this feature enabled, and the expiration period is set to 24 hours by default. You can disable this feature and configure the expiration period in the account settings in the web UI https://app.netbird.io/settings.

 <Note>
-    This feature is only applied to peers added with the [interactive SSO login feature](/getting-started/installation#running-netbird-with-sso-login). Peers, added with a setup key, won't be affected.
+    This feature is only applied to peers added with the [interactive SSO login feature](/how-to/installation#running-net-bird-with-sso-login). Peers, added with a setup key, won't be affected.
 </Note>

 Expired peers will appear in the peers' view with the status `needs login`.

 <p>
-    <img src="/img/how-to-guides/peer-needs-login.png" alt="peer-needs-login.png" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/peer-needs-login.png" alt="peer-needs-login.png" class="imagewrapper"/>
 </p>

 ## Configure and disable expiration
@@ -20,7 +20,7 @@ Go to the Web UI Settings tab and set the desired period in the Authentication s
 You can also disable the expiration for the whole network in the same section.

 <p>
-    <img src="/img/how-to-guides/peer-login-expiration.png" alt="peer-login-expiration" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/peer-login-expiration.png" alt="peer-login-expiration" class="imagewrapper"/>
 </p>


@@ -36,7 +36,7 @@ In the Peers tab of the web UI click on the peer you want to disable expiration
 Peers with `expiration disabled` will be marked with a corresponding label in the peers' table.

 <p>
-    <img src="/img/how-to-guides/individual-peer-login-expiration.png" alt="peer-login-expiration" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/individual-peer-login-expiration.png" alt="peer-login-expiration" class="imagewrapper"/>
 </p>

 ## Get started
--- a/src/pages/docs/how-to/examples.mdx
+++ b/src/pages/docs/how-to/examples.mdx
@@ -4,7 +4,7 @@ export const title = 'Examples'
 ## NetBird Client on AWS ECS (Terraform)

 <p>
-    <img src="/img/examples/wiretrustee-on-aws-ecs.png" alt="high-level-dia" width="400"/>
+    <img src="/docs-static/img/examples/wiretrustee-on-aws-ecs.png" alt="high-level-dia" width="400"/>
 </p>

 A common way to run containers in the AWS cloud is to use Elastic Container Service (ECS).
@@ -100,7 +100,7 @@ One of the simplest ways of running NetBird client application is to use a pre-b
 * **NetBird account.**
   Register one at [app.netbird.io](https://app.netbird.io/).

-You would need to obtain a [setup key](/docs/how-to/register-peers-using-setup-keys) to associate NetBird client with your account.
+You would need to obtain a [setup key](/how-to/register-machines-using-setup-keys) to associate NetBird client with your account.

 The setup key could be found in the NetBird Management dashboard under the Setup Keys tab - [https://app.netbird.io/setup-keys](https://app.netbird.io/setup-keys).

--- a/src/pages/docs/how-to/getting-started.mdx
+++ b/src/pages/docs/how-to/getting-started.mdx
@@ -20,7 +20,7 @@ Both machines are running Linux but NetBird also works on Windows, MacOS nad pop
 You can use your Google, GitHub or Microsoft account.

 <p>
-    <img src="/img/getting-started/auth.png" alt="login-to-netbird" class="imagewrapper" />
+    <img src="/docs-static/img/getting-started/auth.png" alt="login-to-netbird" class="imagewrapper" />
 </p>

 2. After a successful login you will be redirected to the ```Peers``` screen which is empty because you don't have any peers yet.
@@ -28,25 +28,25 @@ You can use your Google, GitHub or Microsoft account.
 The `Add peer` window should automatically pop up, but if it doesn't, click ```Add new peer``` to add a new machine.

 <p>
-    <img src="/img/getting-started/empty-peers.png" alt="login-to-netbird" class="imagewrapper"/>
+    <img src="/docs-static/img/getting-started/empty-peers.png" alt="login-to-netbird" class="imagewrapper"/>
 </p>

 3. Choose your machine operating system (in our case it is ```Linux```) and proceed with the installation steps.

 <p>
-    <img src="/img/getting-started/add-peer.png" alt="login-to-netbird" class="imagewrapper"/>
+    <img src="/docs-static/img/getting-started/add-peer.png" alt="login-to-netbird" class="imagewrapper"/>
 </p>

 4. If you installed NetBird Desktop UI you can use it to connect to the network instead of running `netbird up` command. Look for `NetBird` in your application list, run it, and click `Connect`.
 >

 <p>
-    <img src="/img/getting-started/systray.png" alt="login-to-netbird" class="imagewrapper"/>
+    <img src="/docs-static/img/getting-started/systray.png" alt="login-to-netbird" class="imagewrapper"/>
 </p>
 5. At this point a browser window pops up starting a device registration process. Click confirm and follow the steps if required.

 <p>
-    <img src="/img/getting-started/device-confirmation.png" alt="login-to-netbird" class="imagewrapper"/>
+    <img src="/docs-static/img/getting-started/device-confirmation.png" alt="login-to-netbird" class="imagewrapper"/>
 </p>

 6. On the EC2 node repeat the installation steps and run `netbird up` command.
@@ -57,13 +57,13 @@ sudo netbird up
 7. Copy the verification URL from the terminal output and paste it in your browser. Repeat step #5

 <p>
-    <img src="/img/getting-started/netbird-up.png" alt="login-to-netbird" class="imagewrapper"/>
+    <img src="/docs-static/img/getting-started/netbird-up.png" alt="login-to-netbird" class="imagewrapper"/>
 </p>

 8. Return to ```Peers``` and you should notice 2 new machines with status ```online```

 <p>
-    <img src="/img/getting-started/peers.png" alt="login-to-netbird" class="imagewrapper"/>
+    <img src="/docs-static/img/getting-started/peers.png" alt="login-to-netbird" class="imagewrapper"/>
 </p>

 9. To test the connection you could try pinging devices:
@@ -271,7 +271,7 @@ If you installed the Desktop UI client, you can launch it and click on Connect.
 > It will open your browser, and you will be prompt for email and password. Follow the instructions.

 <p>
-    <img src="/img/getting-started/netbird-sso-login-ui.gif" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/getting-started/netbird-sso-login-ui.gif" alt="high-level-dia" class="imagewrapper"/>
 </p>

 #### CLI
@@ -282,7 +282,7 @@ Alternatively, you could use command line. Simply run
 > It will open your browser, and you will be prompt for email and password. Follow the instructions.

 <p>
-    <img src="/img/getting-started/netbird-sso-login-cmd.gif" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/getting-started/netbird-sso-login-cmd.gif" alt="high-level-dia" class="imagewrapper"/>
 </p>

 Check connection status:
@@ -291,10 +291,10 @@ Check connection status:
 ```

 ### Running NetBird with a Setup Key
-In case you are activating a server peer, you can use a [setup key](/docs/how-to/register-peers-using-setup-keys) as described in the steps below.
+In case you are activating a server peer, you can use a [setup key](/how-to/register-machines-using-setup-keys) as described in the steps below.
 > This is especially helpful when you are running multiple server instances with infrastructure-as-code tools like ansible and terraform.

-1. Login to the Management Service. You need to have a `setup key` in hand (see [setup keys](/docs/how-to/register-peers-using-setup-keys)).
+1. Login to the Management Service. You need to have a `setup key` in hand (see [setup keys](/how-to/register-machines-using-setup-keys)).

 For all systems:
 ```bash
@@ -338,13 +338,13 @@ On **Windows**:

 Set the ```NB_SETUP_KEY``` environment variable and run the command.
 <Note>
-    You can pass other settings as environment variables. See [Environment variables](reference/netbird-commands.md#environment-variables) for details.
+    You can pass other settings as environment variables. See [environment variables](/how-to/cli#environment-variables) for details.
 </Note>
 ```bash
 docker run --rm --name PEER_NAME --hostname PEER_NAME --cap-add=NET_ADMIN -d -e NB_SETUP_KEY=<SETUP KEY> -v netbird-client:/etc/netbird netbirdio/netbird:latest
 ```

-See [Docker example](examples/netbird-docker.md) for details.
+See [Docker example](/how-to/examples#net-bird-client-in-docker) for details.

 ### Troubleshooting
 1. If you are using self-hosted version and haven't specified `--management-url`, the client app will use the default URL
--- a/src/pages/docs/how-to/installation.mdx
+++ b/src/pages/docs/how-to/installation.mdx
@@ -144,6 +144,16 @@ Recommended way is to add NetBird in firewall settings:
 9. Provide rule name (e.g. "Netbird Egress Traffic") and click "Finish".
 10. Disconnect and connect to NetBird.

+### Android
+
+NetBird has an official Android application that you can download at Google Play Store:
+
+<p>
+    <a href="https://play.google.com/store/apps/details?id=io.netbird.client" target="_blank">
+        <img src="/docs-static/img/how-to-guides/google-play-badge.png" width="200" alt="playstore" class="imagewrapper"/>
+    </a>
+
+</p>

 ### Binary Install
 **Installation from binary (CLI only)**
@@ -187,7 +197,7 @@ If you installed the Desktop UI client, you can launch it and click on Connect.
 > It will open your browser, and you will be prompt for email and password. Follow the instructions.

 <p>
-    <img src="/img/getting-started/netbird-sso-login-ui.gif" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/getting-started/netbird-sso-login-ui.gif" alt="high-level-dia" class="imagewrapper"/>
 </p>

 #### CLI
@@ -198,7 +208,7 @@ Alternatively, you could use command line. Simply run
 > It will open your browser, and you will be prompt for email and password. Follow the instructions.

 <p>
-    <img src="/img/getting-started/netbird-sso-login-cmd.gif" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/getting-started/netbird-sso-login-cmd.gif" alt="high-level-dia" class="imagewrapper"/>
 </p>

 Check connection status:
@@ -207,10 +217,10 @@ Check connection status:
 ```

 ### Running NetBird with a Setup Key
-In case you are activating a server peer, you can use a [setup key](/docs/how-to/register-peers-using-setup-keys) as described in the steps below.
+In case you are activating a server peer, you can use a [setup key](/how-to/register-machines-using-setup-keys) as described in the steps below.
 > This is especially helpful when you are running multiple server instances with infrastructure-as-code tools like ansible and terraform.

-1. Login to the Management Service. You need to have a `setup key` in hand (see [setup keys](/docs/how-to/register-peers-using-setup-keys)).
+1. Login to the Management Service. You need to have a `setup key` in hand (see [setup keys](/how-to/register-machines-using-setup-keys)).

 For all systems:
 ```bash
@@ -254,13 +264,13 @@ On **Windows**:

 Set the ```NB_SETUP_KEY``` environment variable and run the command.
 <Note>
-    You can pass other settings as environment variables. See [Environment variables](reference/netbird-commands.md#environment-variables) for details.
+    You can pass other settings as environment variables. See [Environment variables](/how-to/cli#environment-variables) for details.
 </Note>
 ```bash
 docker run --rm --name PEER_NAME --hostname PEER_NAME --cap-add=NET_ADMIN -d -e NB_SETUP_KEY=<SETUP KEY> -v netbird-client:/etc/netbird netbirdio/netbird:latest
 ```

-See [Docker example](examples/netbird-docker.md) for details.
+See [Docker example](/how-to/examples#net-bird-client-in-docker) for details.

 ### Troubleshooting
 1. If you are using self-hosted version and haven't specified `--management-url`, the client app will use the default URL
--- a/src/pages/docs/how-to/manage-dns-in-your-network.mdx
+++ b/src/pages/docs/how-to/manage-dns-in-your-network.mdx
@@ -18,7 +18,7 @@ Starting [v0.11.0](https://github.com/netbirdio/netbird/releases), NetBird autom
 to each peer in a private `netbird.cloud` space that can be used to access the machines. E.g., `my-server.netbird.cloud`.

 Besides accessing machines by their domain names, you can configure NetBird to use your private nameservers,
-control what nameservers a specific [peer group](/docs/how-to/access-control#concepts) should use, and set up split DNS.
+control what nameservers a specific [peer group](/how-to/manage-network-access#groups) should use, and set up split DNS.

 <Note>
    Nameservers feature is available in NetBird [v0.11.0](https://github.com/netbirdio/netbird/releases) or later.
@@ -57,7 +57,7 @@ A nameserver group defines up to 2 nameservers to resolve DNS to a set of peers
 ### Creating a nameserver group
 Access the `DNS` tab and click the `Add Nameserver` button to create a new nameserver.
 <p>
-    <img src="/img/how-to-guides/netbird-nameserver-add-button.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-nameserver-add-button.png" alt="high-level-dia" class="imagewrapper"/>
 </p>
 That will open a nameserver selection configuration screen where you can choose between using three predefined public
 nameservers or using a custom setup.
@@ -68,13 +68,13 @@ If you choose a predefined public nameserver option, you can select the followin
 - [Cloudflare DNS servers](https://one.one.one.one/dns/)
 - [Quad9 DNS servers](https://www.quad9.net/)
 <p>
-    <img src="/img/how-to-guides/netbird-nameserver-selection-view-open.png" alt="high-level-dia" width="300" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-nameserver-selection-view-open.png" alt="high-level-dia" width="300" class="imagewrapper"/>
 </p>

 After selecting one of the three options, you need to assign a peer group for which this nameserver will be effective.
 In the example below, we chose the "All" group:
 <p>
-    <img src="/img/how-to-guides/netbird-nameserver-all-group.png" alt="high-level-dia" width="300" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-nameserver-all-group.png" alt="high-level-dia" width="300" class="imagewrapper"/>
 </p>

 #### Creating custom nameservers
@@ -88,7 +88,7 @@ In the example below, we are creating a nameserver with the following informatio
 - Match mode: `All domains`
 - Distribution group: `Remote developers`
 <p>
-    <img src="/img/how-to-guides/netbird-nameserver-custom.png" alt="high-level-dia" width="300" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-nameserver-custom.png" alt="high-level-dia" width="300" class="imagewrapper"/>
 </p>

 ### Creating a nameserver for specific domains
@@ -96,7 +96,7 @@ Sometimes we want to forward DNS queries to specific nameservers but only for pa
 Taking the example of custom nameservers above, you could select a match mode for only domains listed there.
 Below you can see the same nameserver setup but only for the `berlinoffice.com` domain:
 <p>
-    <img src="/img/how-to-guides/netbird-nameserver-remote-resolver.png" alt="high-level-dia" width="300" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-nameserver-remote-resolver.png" alt="high-level-dia" width="300" class="imagewrapper"/>
 </p>

 <Note>
@@ -108,12 +108,12 @@ You can select as many distribution groups as you want for your nameserver setup
 ### Adding remote private DNS servers
 To add a private DNS server that is running behind routing peers, you need to create resources to ensure communication between your nameserver clients can communicate. In the Berlin office example from previous steps, we have a peer from the `Office network` that can route traffic to the `192.168.0.32` IP, so we need to ensure that a similar network route exists:
 <p>
-    <img src="/img/how-to-guides/netbird-nameserver-remote-route.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-nameserver-remote-route.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 Then we need to confirm that an access rule exists to connect `Remote developers` to `Office network` group:
 <p>
-    <img src="/img/how-to-guides/netbird-nameserver-remote-rule.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-nameserver-remote-rule.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ## Testing configuration
--- a/src/pages/docs/how-to/manage-network-access.mdx
+++ b/src/pages/docs/how-to/manage-network-access.mdx
@@ -30,7 +30,7 @@ Some characteristics of groups:
 - There is a default group called `All`.

 <Note>
-    You can assign groups automatically with the [peer auto-grouping feature](/overview/setup-keys#peer-auto-grouping).
+    You can assign groups automatically with the [peer auto-grouping feature](/how-to/register-machines-using-setup-keys#peer-auto-grouping).
 </Note>

 ### The All Group
@@ -69,18 +69,18 @@ After accessing the `Access Control` tab, you can click on the `Add Rule` button
 where you need to name the rule, set its status, and add groups to the source and destination lists.

 <p>
-    <img src="/img/overview/create-rule.png" alt="high-level-dia" width="300" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/create-rule.png" alt="high-level-dia" width="300" class="imagewrapper"/>
 </p>

 If required, you can create new groups by simply entering new names in the input box for either source or destination lists.

 <p>
-    <img src="/img/overview/create-group-in-rule.png" alt="high-level-dia" width="300" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/create-group-in-rule.png" alt="high-level-dia" width="300" class="imagewrapper"/>
 </p>

 Once you are done configuring the rule, click the `Create` button to save it. You will then see your new rule in the table.
 <p>
-    <img src="/img/overview/new-rule-list.png" alt="high-level-dia" width="600" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/new-rule-list.png" alt="high-level-dia" width="600" class="imagewrapper"/>
 </p>

 <Note>
@@ -92,11 +92,11 @@ If you create a new group when defining a rule, you will need to associate peers
 You can do it by accessing the `Peers` tab and clicking the `Groups` column of any peer you want to associate with the new group.

 <p>
-    <img src="/img/overview/associate-peer-groups.png" alt="high-level-dia" width="300" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/associate-peer-groups.png" alt="high-level-dia" width="300" class="imagewrapper"/>
 </p>

 <Note>
-    You can assign groups automatically with the [peer auto-grouping feature](/overview/setup-keys#peer-auto-grouping).
+    You can assign groups automatically with the [peer auto-grouping feature](/how-to/register-machines-using-setup-keys#peer-auto-grouping).
 </Note>

 ### Updating Rules
@@ -108,9 +108,9 @@ To disable a rule, you should follow the steps of [updating rules](#updating-rul
 To delete a rule, you should click on the rule's menu and choose `Delete`. A confirmation window will pop up.

 <p>
-    <img src="/img/overview/delete-rule-menu.png" alt="high-level-dia" width="600" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/delete-rule-menu.png" alt="high-level-dia" width="600" class="imagewrapper"/>
 </p>

 <p>
-    <img src="/img/overview/delete-rule-popup.png" alt="high-level-dia" width="300" class="imagewrapper"/>
+    <img src="/docs-static/img/overview/delete-rule-popup.png" alt="high-level-dia" width="300" class="imagewrapper"/>
 </p>
--- a/src/pages/docs/how-to/monitor-system-and-network-activity.mdx
+++ b/src/pages/docs/how-to/monitor-system-and-network-activity.mdx
@@ -10,7 +10,7 @@ Activity monitoring is enabled by default for every network, and you can access
 You can also use the search bar to filter events by activity type.

 <p>
-    <img src="/img/how-to-guides/activity-monitoring.png" alt="activity-monitoring" width="800" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/activity-monitoring.png" alt="activity-monitoring" width="800" class="imagewrapper"/>
 </p>

 <Note>
--- a/src/pages/docs/how-to/register-machines-using-setup-keys.mdx
+++ b/src/pages/docs/how-to/register-machines-using-setup-keys.mdx
@@ -24,7 +24,7 @@ Setup keys are available in the NetBird Management dashboard under the Setup Key
 By default, we generate 2 setup keys right after account creation. You can easily add new or revoke keys.

 <p>
-    <img src="/img/architecture/setup-keys.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/architecture/setup-keys.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 <Note>
@@ -37,10 +37,10 @@ Setup keys are set to expire after 30 days. When expired, the setup key can't be
 ## Peer Auto-grouping

 <p>
-    <img src="/img/architecture/peer-auto-tagging-setupkey.gif" alt="high-level-dia" width="800" class="imagewrapper"/>
+    <img src="/docs-static/img/architecture/peer-auto-tagging-setupkey.gif" alt="high-level-dia" width="800" class="imagewrapper"/>
 </p>

-NetBird offers a powerful [Access Control feature](/docs/how-to/restrict-access-to-peers) that allows easy access management of your resources.
+NetBird offers a powerful [access control feature](/how-to/manage-network-access) that allows easy access management of your resources.
 In a basic scenario, you would create multiple groups of peers and create access rules to define what groups can access each other.
 Adding peers to groups might become time-consuming in large networks with dozens of machines.

@@ -52,7 +52,7 @@ To add `Auto-assign groups`, open the `Setup Keys` tab and create or update any
 Then use this key to enroll new machine.

 <p>
-    <img src="/img/architecture/netbird-peer-auto-tagging-newkey.png" alt="high-level-dia" width="500" class="imagewrapper"/>
+    <img src="/docs-static/img/architecture/netbird-peer-auto-tagging-newkey.png" alt="high-level-dia" width="500" class="imagewrapper"/>
 </p>

 <Note>
--- a/src/pages/docs/how-to/routing-traffic-to-private-networks.mdx
+++ b/src/pages/docs/how-to/routing-traffic-to-private-networks.mdx
@@ -15,7 +15,7 @@ NetBird provides fast and reliable end-to-end encryption between peers in your n
 In these cases, you can configure network routes assigning routing peers to connect existing infrastructure. Routing peers will forward packets between your NetBird peers and your other networks; they can masquerade traffic going to your data centers or embedded devices, reducing the need for external route configuration and agent installation.

 <p>
-    <img src="/img/how-to-guides/netbird-network-routes.png" alt="high-level-dia"  />
+    <img src="/docs-static/img/how-to-guides/netbird-network-routes.png" alt="high-level-dia"  />
 </p>

 <Note>
@@ -60,7 +60,7 @@ A network route describes a network you want to connect with your NetBird peers.
 Access the `Network Routes` tab and click the `Add Route` button to create a new route.
 That will open a route configuration screen where you can add the information about the network you want to route:
 <p>
-    <img src="/img/how-to-guides/netbird-network-routes-add-button.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-network-routes-add-button.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 Now you can enter the details of your route.
@@ -73,12 +73,12 @@ In the example below, we are creating a route with the following information:
 - Distribution Groups: `All`

 <p>
-    <img src="/img/how-to-guides/netbird-network-routes-create.png" alt="high-level-dia" width="300" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-network-routes-create.png" alt="high-level-dia" width="300" class="imagewrapper"/>
 </p>

 Once you fill in the route information, you can click on the `Save` button to save your new route.
 <p>
-    <img src="/img/how-to-guides/netbird-network-routes-saved-new.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-network-routes-saved-new.png" alt="high-level-dia" class="imagewrapper"/>
 </p>
 Done! Now every peer connected to your routing peer will be able to send traffic to your external network.

@@ -93,13 +93,13 @@ To enable high-available mode, you can click on `Configure` and select a new pee
 In the following screenshot, we are adding the peer `aws-nb-europe-router-az-b` to the `aws-eu-central-1-vpc` route:

 <p>
-    <img src="/img/how-to-guides/netbird-network-routes-create-ha.png" alt="high-level-dia" width="300" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-network-routes-create-ha.png" alt="high-level-dia" width="300" class="imagewrapper"/>
 </p>

 This way, nodes connected to both peer `aws-nb-europe-router-az-a` and peer `aws-nb-europe-router-az-b` would have a highly available connection with the network `172.31.0.0/16`.

 <p>
-    <img src="/img/how-to-guides/netbird-network-routes-saved-new-ha.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-network-routes-saved-new-ha.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 <Note>
@@ -116,7 +116,7 @@ That will require a routing configuration on your external network router pointi
 This way, devices that don't have the agent installed can communicate with your NetBird peers.

 <p>
-    <img src="/img/how-to-guides/netbird-network-routes-masquerading.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/how-to-guides/netbird-network-routes-masquerading.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ## Get started
--- a/src/pages/docs/introduction.mdx
+++ b/src/pages/docs/introduction.mdx
@@ -19,7 +19,7 @@ NetBird can connect machines running anywhere in just a few clicks.
 It literally takes less than 5 minutes to deploy a secure peer-to-peer VPN with NetBird. {{ className: 'lead' }}

 <div className="not-prose mb-16 mt-6 flex gap-3">
-  <Button href="/docs/how-to/getting-started" arrow="right" children="Getting started" />
+  <Button href="/how-to/getting-started" arrow="right" children="Getting started" />
  <Button href="https://github.com/netbirdio/netbird" variant="outline" children="Explore Github" />
 </div>

--- a/src/pages/ipa/guides/authentication.mdx
+++ b/src/pages/ipa/guides/authentication.mdx
@@ -3,7 +3,7 @@ export const description =

 # Authentication

-You'll need to authenticate your requests to access any of the endpoints in the NetBird API. In this guide, we'll look at how authentication works. Netbird offers two ways to authenticate your API requests: OAuth2 and personal access tokens (PAT). {{ className: 'lead' }}
+You'll need to authenticate your requests to access any of the endpoints in the NetBird API. In this guide, we'll look at how authentication works. NetBird offers two ways to authenticate your API requests: OAuth2 and personal access tokens (PAT). {{ className: 'lead' }}

 ## OAuth2 with bearer token

@@ -18,7 +18,7 @@ Always keep your token safe and reset it if you suspect it has been compromised.

 ## Using personal access tokens

-When establishing a connection using [PATs](/docs/how-to/access-netbird-public-api), you will need your access token — you can create one in the [Netbird dashboard](https://app.netbird.io/users) under User settings. It is recommended to use [service users](/docs/how-to/access-netbird-public-api) for all organization wide flows calling the API.  Here's how to add the token to the request header using cURL:
+When establishing a connection using [PATs](/how-to/access-netbird-public-api), you will need your access token — you can create one in the [NetBird dashboard](https://app.netbird.io/users) under User settings. It is recommended to use [service users](/how-to/access-netbird-public-api) for all organization wide flows calling the API.  Here's how to add the token to the request header using cURL:

 ```bash {{ title: 'Example request with personal access token' }}
 curl https://api.netbird.io/api/users \
@@ -28,6 +28,6 @@ curl https://api.netbird.io/api/users \
 Always keep your token safe and reset it if you suspect it has been compromised.

 <div className="not-prose mb-16 mt-6 flex gap-3">
-    <Button href="/docs/how-netbird-works#personal-access-tokens" arrow="right" children="How to create tokens" />
+    <Button href="/how-to/access-netbird-public-api#creating-an-access-token" arrow="right" children="How to create tokens" />
 </div>

--- a/src/pages/ipa/guides/quickstart.mdx
+++ b/src/pages/ipa/guides/quickstart.mdx
@@ -12,7 +12,7 @@ For this guide, we'll be using cURL to make our first API request. If you don't

 ## Get an access token

-Before making your first API request, you need to create an access token to authenticate requests to the API. You can create an access token in the [Netbird dashboard](https://app.netbird.io) under [Users &raquo; Me](https://app.netbird.io/users).
+Before making your first API request, you need to create an access token to authenticate requests to the API. You can create an access token in the [NetBird dashboard](https://app.netbird.io) under [Users &raquo; Me](https://app.netbird.io/users).
 After the token was created successfully make sure to store it as we need it for the next step.

 ## Making your first API request
@@ -31,7 +31,7 @@ curl -X GET https://api.netbird.io/api/peers \

 <div className="not-prose">
  <Button
-    href="/peers"
+    href="/api/resources/peers"
    variant="text"
    arrow="right"
    children="Read the docs for the peers endpoint"
@@ -43,6 +43,6 @@ curl -X GET https://api.netbird.io/api/peers \

 Great, you're now set up with an API client and have made your first request to the API. Here are a few links that might be handy as you venture further into the NetBird API:

- [Read how to properly authenticate against the NetBird API](/authentication)
- [Check out the users endpoint](/users)
- [Learn about the different error types](/errors)
+- [Read how to properly authenticate against the NetBird API](/api/guides/authentication)
+- [Check out the users endpoint](/api/resources/users)
+- [Learn about the different error types](/api/guides/errors)
--- a/src/pages/ipa/introduction.mdx
+++ b/src/pages/ipa/introduction.mdx
@@ -9,17 +9,17 @@ export const description =
 Use the NetBird Public API to manage users, peers, network rules and more from inside your application or scripts to automate the setup of your mesh network. {{ className: 'lead' }}

 <div className="not-prose mb-16 mt-6 flex gap-3">
-  <Button href="/ipa/guides/quickstart" arrow="right" children="Quickstart" />
+  <Button href="/api/guides/quickstart" arrow="right" children="Quickstart" />
 </div>

 ## Getting started {{ anchor: false }}

-To get started, it is recommended to create a [service user](/docs/how-to/use-service-users-with-access-token#service-users), that can later be used to communicate with the NetBird API.
-To be able to send requests to our API you need to [authenticate](/ipa/guides/authentication) on each request. This can be done either by Bearer token from your identity provider or by creating a [personal access token](/ipa/guides/authentication#using-personal-access-tokens) in the NetBird dashboard.{{ className: 'lead' }}
+To get started, it is recommended to create a [service user](/how-to/access-netbird-public-api#creating-a-service-user), that can later be used to communicate with the NetBird API.
+To be able to send requests to our API you need to [authenticate](/api/guides/authentication) on each request. This can be done either by Bearer token from your identity provider or by creating a [personal access token](/api/guides/authentication#using-personal-access-tokens) in the NetBird dashboard.{{ className: 'lead' }}

 <div className="not-prose">
  <Button
-    href="/docs/how-netbird-works#personal-access-tokens"
+    href="/how-to/access-netbird-public-api#creating-an-access-token"
    variant="text"
    arrow="right"
    children="Get your personal access token"
--- a/src/pages/docs/selfhosted/identity-providers.mdx
+++ b/src/pages/docs/selfhosted/identity-providers.mdx
@@ -10,7 +10,7 @@ There are a few Identity Provider options that you can choose to run a self-host

 ## Auth0

-This guide is a part of the [NetBird Self-hosting Guide](/docs/selfhosted/selfhosted-guide) and explains how to integrate **self-hosted** NetBird with [Auth0](https://auth0.com/).
+This guide is a part of the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide) and explains how to integrate **self-hosted** NetBird with [Auth0](https://auth0.com/).

 Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications.
 It is a 3rd party managed service and can't be self-hosted. Auth0 is the right choice if you don't want to manage an Identity Provider (IDP)
@@ -61,8 +61,8 @@ This Auth0 API will be used to access NetBird Management Service API.

 ### Step 4: Enable Interactive SSO Login (Optional)

-The [Interactive SSO Login feature](/getting-started/installation#running-netbird-with-sso-login) allows for machine
-authorization with your Identity Provider. This feature can be used as an alternative to [setup keys](docs/how-to/register-peers-using-setup-keys)
+The [Interactive SSO Login feature](/how-to/installation#running-net-bird-with-sso-login) allows for machine
+authorization with your Identity Provider. This feature can be used as an alternative to [setup keys](/how-to/register-machines-using-setup-keys)
 and is optional.

 You can enable it by following these steps:
@@ -75,14 +75,14 @@ You can enable it by following these steps:
 - Click `Create`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/auth0-create-interactive-login-app.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/auth0-create-interactive-login-app.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Click `Settings` tab
 - Copy **`Client ID`** to `NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID` in the `setup.env` file

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/auth0-interactive-login-settings.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/auth0-interactive-login-settings.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Scroll down to the `Advanced Settings` section
@@ -90,16 +90,16 @@ You can enable it by following these steps:
 - Click `Save Changes`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/auth0-grant-types.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/auth0-grant-types.png" alt="high-level-dia" class="imagewrapper"/>
 </p>


 ### Step 4: Continue with the self-hosting guide
-You can now continue with the [NetBird Self-hosting Guide](/docs/selfhosted/selfhosted-guide#step-3-configure-identity-provider).
+You can now continue with the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide#step-3-configure-identity-provider).

 ## Keycloak

-This guide is a part of the [NetBird Self-hosting Guide](/docs/selfhosted/selfhosted-guide) and explains how to integrate
+This guide is a part of the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide) and explains how to integrate
 **self-hosted** NetBird with [Keycloak](https://www.keycloak.org/).

 Keycloak is an open source software product to allow single sign-on with Identity and Access Management aimed at modern applications and services.
@@ -115,11 +115,11 @@ The following guide is an adapted version of the original
 ### Expected Result

 After completing this guide, you can log in to your self-hosted NetBird Dashboard and add your machines
-to your network using the [Interactive SSO Login feature](/docs/how-to/getting-started#running-net-bird-with-sso-login)
+to your network using the [Interactive SSO Login feature](/how-to/getting-started#running-net-bird-with-sso-login)
 over Keycloak.

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-auth-grant.gif" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-auth-grant.gif" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 1: Check your Keycloak Instance
@@ -143,7 +143,7 @@ To create a realm you need to:
 - Click `Create`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-create-realm.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-create-realm.png" alt="high-level-dia" class="imagewrapper"/>
 </p>


@@ -160,7 +160,7 @@ In this step we will create a NetBird administrator user.
 - Click `Create`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-create-user.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-create-user.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 The user will need an initial password set to be able to log in. To do this:
@@ -171,7 +171,7 @@ The user will need an initial password set to be able to log in. To do this:
 - Click `Save`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-set-password.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-set-password.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 4: Create a NetBird client
@@ -188,14 +188,14 @@ In this step we will create NetBird application client and register with the Key
 - Your newly client `netbird-client` will be used later to set `NETBIRD_AUTH_CLIENT_ID` in the `setup.env`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-create-client.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-create-client.png" alt="high-level-dia" class="imagewrapper"/>
 </p>


 - Check the checkboxes as on the screenshot below and click Save

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-enable-auth.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-enable-auth.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 5: Adjust NetBird client access settings
@@ -215,7 +215,7 @@ In this step we will configure NetBird application client access with the NetBir
 - Click `Save`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-access-settings.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-access-settings.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 6: Create a NetBird client scope
@@ -233,7 +233,7 @@ In this step, we will create and configure the NetBird client audience for Keycl
 - Click `Save`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-create-client-scope.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-create-client-scope.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - While in the newly created Client Scope, switch to the `Mappers` tab
@@ -241,7 +241,7 @@ In this step, we will create and configure the NetBird client audience for Keycl
 - Choose the `Audience` mapping

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-configure-audience-mapper.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-configure-audience-mapper.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Fill in the form with the following values:
@@ -251,7 +251,7 @@ In this step, we will create and configure the NetBird client audience for Keycl
 - Click `Save`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-configure-audience-mapper-2.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-configure-audience-mapper-2.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 7: Add client scope to NetBird client
@@ -267,7 +267,7 @@ In this step, we will create and configure the NetBird client audience for Keycl
 - The value `netbird-client` will be used as audience

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloack-add-client-scope.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloack-add-client-scope.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 8: Create a NetBird-Backend client
@@ -284,13 +284,13 @@ In this step we will create NetBird backend client and register with the Keycloa
 - Your newly client `netbird-backend` will be used later to set `KeycloakClientCredentials` in the `management.json`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-create-backend-client.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-create-backend-client.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Check the checkboxes as on the screenshot below and click Save

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-backend-client-auth.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-backend-client-auth.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 The client will need secret to authenticate. To do this:
@@ -298,7 +298,7 @@ The client will need secret to authenticate. To do this:
 - Copy `client secret` will be used later to set `ClientSecret` in the `management.json`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-backend-client-credentials.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-backend-client-credentials.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 9: Add manage-users role to netbird-backend
@@ -312,13 +312,13 @@ The client will need secret to authenticate. To do this:
 - Select `Filter by clients` and search for `manage-users`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-service-account-role.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-service-account-role.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Check the role checkbox and click assign

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/keycloak-add-role.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/keycloak-add-role.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 Your authority OIDC configuration will be available under:
@@ -334,9 +334,9 @@ https://<YOUR-KEYCLOAK-HOST-AND-PORT>/realms/netbird/.well-known/openid-configur
 - NETBIRD_AUTH_CLIENT_ID=`netbird-client`
 - NETBIRD_AUTH_AUDIENCE=`netbird-client`
 - NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=`netbird-client`. Optional,
-it enables the [Interactive SSO Login feature](/docs/how-to/getting-started#running-net-bird-with-sso-login) (Oauth 2.0 Device Authorization Flow)
+it enables the [Interactive SSO Login feature](/how-to/getting-started#running-net-bird-with-sso-login) (Oauth 2.0 Device Authorization Flow)

- You can now continue with the [NetBird Self-hosting Guide](/docs/selfhosted/selfhosted-guide#step-3-configure-identity-provider).
+- You can now continue with the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide#step-3-configure-identity-provider).

 - Set property `IdpManagerConfig` in the `management.json` file with:
 <Note>
@@ -362,7 +362,7 @@ it enables the [Interactive SSO Login feature](/docs/how-to/getting-started#runn

 ## Azure AD

-This guide is a part of the [NetBird Self-hosting Guide](/docs/selfhosted/selfhosted-guide) and explains how to integrate **self-hosted** NetBird with [Azure AD](https://azure.microsoft.com/en-us/products/active-directory/).
+This guide is a part of the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide) and explains how to integrate **self-hosted** NetBird with [Azure AD](https://azure.microsoft.com/en-us/products/active-directory/).

 Azure AD is a an enterprise identity service that provides single sign-on and multifactor authentication to your applications.
 It is a 3rd party managed service and can't be self-hosted.
@@ -379,7 +379,7 @@ Before you start creating and configuring an Azure AD application, ensure that y


 ### Step 1. Create and configure Azure AD application
-In this step, we will create and configure Netbird application in azure AD.
+In this step, we will create and configure NetBird application in azure AD.
 - Navigate to [Azure Active Directory](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview)
 - Click `App Registrations` in the left menu then click on the `+ New registration` button to create a new application.
 - Fill in the form with the following values and click Register
@@ -388,7 +388,7 @@ In this step, we will create and configure Netbird application in azure AD.
 - Redirect URI: select `Single-page application (SPA)` and URI as `https://<yournetbirddomain.com>/silent-auth`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-new-application.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-new-application.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 2. Platform configurations
@@ -396,13 +396,13 @@ In this step, we will create and configure Netbird application in azure AD.
 - Under the `Single-page application` Section, add another URI `https://<yournetbirddomain.com>/auth`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-spa-uri-setup.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-spa-uri-setup.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Scroll down and setup other options as on the screenshot below and click Save

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-flows-setup.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-flows-setup.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 3. Create a NetBird application scope
@@ -413,7 +413,7 @@ In this step, we will create and configure Netbird application in azure AD.
 - Scope name: `api`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-add-scope.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-add-scope.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Under `Authorized client Applications`, click on `+ add a client application` and enter the following:
@@ -421,7 +421,7 @@ In this step, we will create and configure Netbird application in azure AD.
 - Client ID: same as your Application ID URI minus the `api://`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-add-application-scope.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-add-application-scope.png" alt="high-level-dia" class="imagewrapper"/>
 </p>


@@ -432,7 +432,7 @@ In this step, we will create and configure Netbird application in azure AD.
 - Click `My APIs` tab, and select `Netbird`. Next check `api` permission checkbox and click `Add permissions`.

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-netbird-api-permisssions.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-netbird-api-permisssions.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Add `Delagated permissions` to Microsoft Graph
@@ -440,7 +440,7 @@ In this step, we will create and configure Netbird application in azure AD.
 - Click `Microsoft Graph` and then click `Delagated permissions` tab  and check all permissions under the `OpenId permissions` section and click  `Add permissions`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-openid-permissions.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-openid-permissions.png" alt="high-level-dia" class="imagewrapper"/>
 </p>


@@ -450,19 +450,19 @@ In this step, we will create and configure Netbird application in azure AD.
 - Search for `User.ReadWrite.All` and under `User` sections  and check `User.ReadWrite.All` checkbox  section

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-user-permissions.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-user-permissions.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Search for `Application.ReadWrite.All` and under `Application` sections  and check `Application.ReadWrite.All` checkbox  section and click `Add permissions`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-applications-permissions.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-applications-permissions.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Click `Grant admin conset for Default Directory` and click `Yes`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-grant-admin-conset.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-grant-admin-conset.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 5. Update token version
@@ -478,7 +478,7 @@ In this step, we will create and configure Netbird application in azure AD.
 - Copy `Value` and save it as it can be viewed only once after creation.

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/azure-client-secret.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/azure-client-secret.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 Your authority OIDC configuration will be available under:
@@ -501,7 +501,7 @@ NETBIRD_AUTH_SILENT_REDIRECT_URI="/silent-auth"
 NETBIRD_AUTH_USER_ID_CLAIM="oid"
 ```

- You can now continue with the [NetBird Self-hosting Guide](/docs/selfhosted/selfhosted-guide#step-3-configure-identity-provider/docs/selfhosted/selfhosted-guide#step-3-configure-identity-provider).
+- You can now continue with the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide#step-3-configure-identity-provider/selfhosted/selfhosted-guide#step-3-configure-identity-provider).

 - Set property `IdpManagerConfig` in the `management.json` file with:
 <Note>
@@ -528,7 +528,7 @@ NETBIRD_AUTH_USER_ID_CLAIM="oid"

 ## Zitadel

-This guide is a part of the [NetBird Self-hosting Guide](/docs/selfhosted/selfhosted-guide) and explains how to integrate
+This guide is a part of the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide) and explains how to integrate
 **self-hosted** NetBird with [Zitadel](https://zitadel.com).

 <Note>
@@ -537,7 +537,7 @@ This guide is a part of the [NetBird Self-hosting Guide](/docs/selfhosted/selfho
 </Note>

 ### Step 1. Create and configure Zitadel application
-In this step, we will create and configure Netbird application in zitadel.
+In this step, we will create and configure NetBird application in zitadel.

 Create new zitadel project
 - Navigate to zitadel console
@@ -546,7 +546,7 @@ Create new zitadel project
 - Name: `NETBIRD`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/zitadel-new-project.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-new-project.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 Create new zitadel application
@@ -557,14 +557,14 @@ Create new zitadel application
 - TYPE OF APPLICATION: `User Agent`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/zitadel-new-application.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-new-application.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Fill in the form with the following values and click `Continue`
 - Authentication Method: `PKCE`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/zitadel-new-application-auth.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-new-application-auth.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Fill in the form with the following values and click `Continue`
@@ -572,14 +572,14 @@ Create new zitadel application
 - Post Logout URIs: `https://<domain>/silent-auth` and click `+`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/zitadel-new-application-uri.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-new-application-uri.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Verify applications details and Click `Create` and then click `Close`
 - Check `Refresh Token` checkbox and click `Save`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/zitadel-new-application-overview.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-new-application-overview.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Copy `Client ID` will be used later in the `setup.env`
@@ -597,7 +597,7 @@ To configure `netbird` application token you need to:
 - Click `Save`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/zitadel-token-settings.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-token-settings.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 3: Application Redirect Configuration
@@ -616,7 +616,7 @@ To configure `netbird` application redirect you need to:
 - Click `Save`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/zitadel-redirect-settings.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-redirect-settings.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 4: Create a Service User
@@ -634,7 +634,7 @@ In this step we will create a `netbird` service user.
 - Click `Create`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/zitadel-create-user.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-create-user.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 In this step we will generate `ClientSecret` for the `netbird` service user.
@@ -643,7 +643,7 @@ In this step we will generate `ClientSecret` for the `netbird` service user.
 - Copy `ClientSecret` from the dialog will be used later to set `ClientSecret` in the `management.json`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/zitadel-service-user-secret.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-service-user-secret.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 5: Grant manage-users role to netbird service user
@@ -657,7 +657,7 @@ In this step we will grant `Org User Manager` role to `netbird` service user.
 - Click `Add`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/zitadel-service-account-role.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/zitadel-service-account-role.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 Your authority OIDC configuration will be available under:
@@ -679,11 +679,11 @@ NETBIRD_AUTH_REDIRECT_URI="/auth"
 NETBIRD_AUTH_SILENT_REDIRECT_URI="/silent-auth"
 ```

- You can now continue with the [NetBird Self-hosting Guide](/docs/selfhosted/selfhosted-guide#step-3-configure-identity-provider).
+- You can now continue with the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide#step-3-configure-identity-provider).

 - Set property `IdpManagerConfig` in the `management.json` file with:
 :::caution
-The file management.json is created automatically. Please refer [here](/docs/selfhosted/selfhosted-guide#step-5-run-configuration-script) for more information.
+The file management.json is created automatically. Please refer [here](/selfhosted/selfhosted-guide#step-5-run-configuration-script) for more information.
 :::

 ```json
@@ -719,7 +719,7 @@ In this step, we will create OAuth2/OpenID Provider in Authentik.
    - type: `OAuth2/OpenID Provider`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/authentik-new-provider-type.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-new-provider-type.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Fill in the form with the following values and click `Finish`
@@ -734,7 +734,7 @@ In this step, we will create OAuth2/OpenID Provider in Authentik.

 Take note of `Client ID`, we will use it later
 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/authentik-new-provider-config.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-new-provider-config.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 2: Create external applications
@@ -749,7 +749,7 @@ In this step, we will create external applications in Authentik.
    - Provider: `Netbird`

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/authentik-new-application.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-new-application.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 3: Create service account
@@ -763,13 +763,13 @@ In this step, we will create service account.
    - Create Group: `Disable`
 
 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/authentik-new-service-account.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-new-service-account.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 - Take note of service account `username` and `password`, we will need it later

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/authentik-service-account-details.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-service-account-details.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 ### Step 4: Add service account to admin group
@@ -783,7 +783,7 @@ In this step, we will add `Netbird` service account to `authentik Admins` group.
 - Disable `Hide service-accounts` and verify if user `Netbird` is added to the group

 <p>
-    <img src="/img/integrations/identity-providers/self-hosted/authentik-add-user-group.png" alt="high-level-dia" class="imagewrapper"/>
+    <img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-add-user-group.png" alt="high-level-dia" class="imagewrapper"/>
 </p>

 Your authority OIDC configuration will be available under:
--- a/src/pages/docs/selfhosted/selfhosted-guide.mdx
+++ b/src/pages/docs/selfhosted/selfhosted-guide.mdx
@@ -6,7 +6,7 @@ NetBird is open-source and can be self-hosted on your servers.
 It relies on components developed by NetBird Authors [Management Service](https://github.com/netbirdio/netbird/tree/main/management), [Management UI Dashboard](https://github.com/netbirdio/dashboard), [Signal Service](https://github.com/netbirdio/netbird/tree/main/signal),
 a 3rd party open-source STUN/TURN service [Coturn](https://github.com/coturn/coturn), and an identity provider (available options will be listed later in this guide).

-If you would like to learn more about the architecture please refer to the [Architecture section](/overview/architecture).
+If you would like to learn more about the architecture please refer to the [Architecture section](/about-netbird/how-netbird-works).

 <Note>
    It might be a good idea to try NetBird before self-hosting.