diff --git a/Dockerfile b/Dockerfile index 3035621..1215fea 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,22 @@ FROM vaultwarden/server:1.27.0 + +RUN apt update && \ + apt install -y \ + tini \ + nginx-core; \ + apt clean; \ + rm -rf \ + /tmp/* \ + /var/lib/apt/lists/* \ + /var/tmp/* +RUN mkdir /run/nginx + + # arm64 or amd64 ARG PLATFORM +ENV YQ_VER v4.3.2 +RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VER}/yq_linux_${PLATFORM} -o /usr/local/bin/yq \ + && chmod a+x /usr/local/bin/yq -RUN apt-get update && apt-get install -y wget tini -RUN wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.13.5/yq_linux_${PLATFORM} && chmod a+x /usr/local/bin/yq -ADD ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh -ENTRYPOINT ["/usr/local/bin/docker_entrypoint.sh"] +COPY --chmod=755 ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh diff --git a/Makefile b/Makefile index aded261..cf0cf72 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,3 @@ -DOC_ASSETS := $(shell find ./docs/assets) PKG_VERSION := $(shell cat manifest.json | jq -r '.version') PKG_ID := $(shell cat manifest.json | jq -r '.id') TS_FILES := $(shell find ./ -name \*.ts) @@ -7,12 +6,17 @@ TS_FILES := $(shell find ./ -name \*.ts) all: verify -# assumes /etc/embassy/config.yaml exists on local system with `host: "http://embassy-server-name.local"` configured -install: $(PKG_ID).s9pk - embassy-cli package install $(PKG_ID).s9pk - verify: $(PKG_ID).s9pk - embassy-sdk verify s9pk $(PKG_ID).s9pk + @embassy-sdk verify s9pk $(PKG_ID).s9pk + @echo " Done!" + @echo " Filesize: $(shell du -h $(PKG_ID).s9pk) is ready" + +install: +ifeq (,$(wildcard ~/.embassy/config.yaml)) + @echo; echo "You must define \"host: http://embassy-server-name.local\" in ~/.embassy/config.yaml config file first"; echo +else + embassy-cli package install $(PKG_ID).s9pk +endif clean: rm -rf docker-images 
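Review bot: In the new `RUN apt update …` step the `;` after `nginx-core` and after `apt clean` mean a failed `apt install` does not fail the layer — the RUN's exit status is that of the trailing `rm -rf`, so the image can build without tini or nginx; change those two continuation lines to `nginx-core && \` and `apt clean && \`. The yq download in the following RUN uses `curl -L` without `-f`, so an HTTP error page would be saved as /usr/local/bin/yq and made executable by the `chmod` that follows; `curl -fsSL` fails the build instead, and pinning the release binary's sha256 (value taken from the upstream release assets, verified with `sha256sum -c` before the chmod) would turn the download into a checked supply-chain step. `YQ_VER v4.3.2` is a lower release than the `v4.13.5` the removed line pinned, which looks like an accidental downgrade — confirm the intended version. `apt` also warns that its CLI is not stable for scripted use; the removed line's `apt-get` is the conventional choice in a Dockerfile.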
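Review bot: The rewritten `install` target no longer lists `$(PKG_ID).s9pk` as a prerequisite, so on a fresh checkout or after `make clean` the `embassy-cli package install $(PKG_ID).s9pk` line runs against a missing or stale package; keep `install: $(PKG_ID).s9pk` (the ifeq branch can stay inside the recipe). `all`, `verify`, `install` and `clean` are command targets but no `.PHONY` is declared, so a stray file named `install` or `verify` would make them silently up to date; add `.PHONY: all verify install clean`. The `@` on the `embassy-sdk verify` line hides the command that failed; silencing only the `echo` lines is the usual convention. `$(shell du -h …)` on the last echo line is expanded by make, not the shell — fine here because the package is a prerequisite, but `du -h` prints the file name as well, so the message reads "Filesize: <size> <file> is ready".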
@@ -20,17 +24,29 @@ clean: rm -f image.tar rm -f scripts/*.js -$(PKG_ID).s9pk: manifest.json LICENSE instructions.md icon.png scripts/embassy.js docker-images/aarch64.tar docker-images/x86_64.tar - if ! [ -z "$(ARCH)" ]; then cp docker-images/$(ARCH).tar image.tar; fi - embassy-sdk pack - - docker-images/aarch64.tar: Dockerfile docker_entrypoint.sh manifest.json +$(PKG_ID).s9pk: manifest.json LICENSE instructions.md icon.png scripts/embassy.js docker-images/x86_64.tar docker-images/aarch64.tar +ifeq ($(ARCH),aarch64) + @echo "embassy-sdk: Preparing aarch64 package ..." +else ifeq ($(ARCH),x86_64) + @echo "embassy-sdk: Preparing x86_64 package ..." +else + @echo "embassy-sdk: Preparing Universal Package ..." +endif + @embassy-sdk pack + +docker-images/aarch64.tar: Dockerfile docker_entrypoint.sh manifest.json +ifeq ($(ARCH),x86_64) +else mkdir -p docker-images DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --build-arg DB=sqlite --build-arg PLATFORM=arm64 --tag start9/$(PKG_ID)/main:$(PKG_VERSION) --platform=linux/arm64/v8 -o type=docker,dest=docker-images/aarch64.tar -f Dockerfile . +endif - docker-images/x86_64.tar: Dockerfile docker_entrypoint.sh manifest.json +docker-images/x86_64.tar: Dockerfile docker_entrypoint.sh manifest.json +ifeq ($(ARCH),aarch64) +else mkdir -p docker-images DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --build-arg DB=sqlite --build-arg PLATFORM=amd64 --tag start9/$(PKG_ID)/main:$(PKG_VERSION) --platform=linux/amd64 -o type=docker,dest=docker-images/x86_64.tar -f Dockerfile . +endif scripts/embassy.js: $(TS_FILES) scripts/generated/manifest.ts deno bundle scripts/embassy.ts scripts/embassy.js diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh index 81ebe85..6698793 100755 --- a/docker_entrypoint.sh +++ b/docker_entrypoint.sh 
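Review bot: Both buildx rules repeat the target path in `-o type=docker,dest=docker-images/aarch64.tar` and `dest=docker-images/x86_64.tar` instead of using the automatic variable, so the output name can drift from the rule header; `dest=$@` keeps them in sync. When `ARCH` selects one architecture the other tar's rule collapses to an empty recipe, which make runs and then counts as updated although the file still does not exist, so `$(PKG_ID).s9pk` is repacked on every `make ARCH=…` run and nothing warns if that tar turns out to be needed — presumably `embassy-sdk pack` tolerates one missing image; confirm. The tag `start9/$(PKG_ID)/main:$(PKG_VERSION)` is identical for both architectures; harmless with tar output, but a one-line comment saying so would save the next reader a question.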
@@ -1,15 +1,71 @@ #!/bin/sh -ADMIN_TOKEN=`yq e '.admin-token' /data/start9/config.yaml` +ADMIN_TOKEN=$(yq e '.admin-token' /data/start9/config.yaml) echo "ADMIN_TOKEN=\"${ADMIN_TOKEN}\"" >> /.env -echo "version: 2" > /data/start9/stats.yaml -echo "data:" >> /data/start9/stats.yaml -echo " \"Admin Token\":" >> /data/start9/stats.yaml -echo " type: string" >> /data/start9/stats.yaml -echo " value: \"${ADMIN_TOKEN}\"" >> /data/start9/stats.yaml -echo " description: \"Authentication token for logging into your admin dashboard.\"" >> /data/start9/stats.yaml -echo " copyable: true" >> /data/start9/stats.yaml -echo " qr: false" >> /data/start9/stats.yaml -echo " masked: true" >> /data/start9/stats.yaml - -# /usr/bin/dumb-init -- +cat << EOF >> /.env +PASSWORD_ITERATIONS=2000000 +EOF + +cat << EOF > /data/start9/stats.yaml +version: 2 +data: + "Admin Token": + type: string + value: "$ADMIN_TOKEN" + description: "Authentication token for logging into your admin dashboard." + copyable: true + qr: false + masked: true +EOF + +CONF_FILE="/etc/nginx/conf.d/default.conf" +NGINX_CONF=' +server { + ## + # `gzip` Settings + # + # + gzip on; + gzip_disable "msie6"; + + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_min_length 256; + gzip_types + application/atom+xml + application/geo+json + application/javascript + application/x-javascript + application/json + application/ld+json + application/manifest+json + application/rdf+xml + application/rss+xml + application/xhtml+xml + application/xml + font/eot + font/otf + font/ttf + image/svg+xml + text/css + text/javascript + text/plain + text/xml; + listen 3443 ssl; + listen 8080; + ssl_certificate /mnt/cert/main.cert.pem; + ssl_certificate_key /mnt/cert/main.key.pem; + server_name localhost; + + location / { + proxy_pass http://0.0.0.0:80; + } +} +' +rm /etc/nginx/sites-enabled/default +echo "$NGINX_CONF" > $CONF_FILE + +nginx -g 'daemon off;' & exec tini -p SIGTERM -- 
/start.sh diff --git a/manifest.json b/manifest.json index 24edc49..2cf7ef5 100644 --- a/manifest.json +++ b/manifest.json @@ -1,8 +1,8 @@ { "id": "vaultwarden", "title": "Vaultwarden", - "version": "1.27.0.1", - "release-notes": "* Use new eOS APIs for backups", + "version": "1.27.0.2", + "release-notes": "* Using gzip \n * Allow tls/https over onion \n * Set the password iterations to 2_000_000", "license": "GPL-3.0", "wrapper-repo": "https://github.com/Start9Labs/vaultwarden-wrapper", "upstream-repo": "https://github.com/dani-garcia/vaultwarden", @@ -25,7 +25,8 @@ "entrypoint": "/usr/local/bin/docker_entrypoint.sh", "args": [], "mounts": { - "main": "/data" + "main": "/data", + "cert": "/mnt/cert" }, "io-format": "yaml" }, @@ -51,6 +52,10 @@ "volumes": { "main": { "type": "data" + }, + "cert": { + "type": "certificate", + "interface-id": "main" } }, "alerts": {}, @@ -60,14 +65,15 @@ "description": "Main user interface for interacting with Vaultwarden in a web browser. Also serves the bitwarden protocol.", "tor-config": { "port-mapping": { - "80": "80", - "3012": "3012" + "80": "8080", + "3012": "3012", + "443": "3443" } }, "lan-config": { "443": { "ssl": true, - "internal": 80 + "internal": 8080 }, "3012": { "ssl": false,
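Review bot: The new nginx server block terminates TLS on 3443 without an `ssl_protocols` directive, so the protocol versions offered depend on the compiled-in defaults of whatever nginx-core the image pulls; add `ssl_protocols TLSv1.2 TLSv1.3;` next to the `ssl_certificate_key` line. The heredoc that appends `PASSWORD_ITERATIONS=2000000` to /.env runs on every container start and, like the `ADMIN_TOKEN` line above it, grows the file with a duplicate entry per restart; writing both variables in one `>` redirect avoids that, provided nothing else in the image populates /.env — confirm. `nginx -g 'daemon off;' &` is backgrounded with no check, so a bad config or port clash leaves the container running without the proxy and without any log line; `nginx -t` before starting, or `set -e` at the top of the script, would surface it. `proxy_pass http://0.0.0.0:80;` relies on the kernel treating 0.0.0.0 as a loopback destination; `127.0.0.1` states the intent. The hunk ends with the `exec tini` line, which is the script's last statement.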