docs: split out self-hosting into new section (#4903)

* docs: split out self-hosting into section

* check for broken links

* fix netlify proxy forward

* use full path

CONTRIBUTING.md

@@ -290,7 +290,7 @@ You may edit the texts in these files or create a new file for additional langua
 ## Want to start ZITADEL?
 
 You can find an installation guide for all the different environments here:
-[https://zitadel.com/docs/guides/deploy/overview](https://zitadel.com/docs/guides/deploy/overview)
+[https://zitadel.com/docs/self-hosting/deploy/overview](https://zitadel.com/docs/self-hosting/deploy/overview)
 
 ## **Did you find a security flaw?**
 

README.md

@@ -49,13 +49,13 @@ With ZITADEL you can rely on a hardened and extensible turnkey solution to solve
 
 Deploying ZITADEL locally takes less than 3 minutes. So go ahead and give it a try!
 
-* [Linux](https://zitadel.com/docs/guides/deploy/linux)
-* [MacOS](https://zitadel.com/docs/guides/deploy/macos)
-* [Docker compose](https://zitadel.com/docs/guides/deploy/compose)
-* [Knative](https://zitadel.com/docs/guides/deploy/knative)
-* [Kubernetes](https://zitadel.com/docs/guides/deploy/kubernetes)
+* [Linux](https://zitadel.com/docs/self-hosting/deploy/linux)
+* [MacOS](https://zitadel.com/docs/self-hosting/deploy/macos)
+* [Docker compose](https://zitadel.com/docs/self-hosting/deploy/compose)
+* [Knative](https://zitadel.com/docs/self-hosting/deploy/knative)
+* [Kubernetes](https://zitadel.com/docs/self-hosting/deploy/kubernetes)
 
-See all guides [here](https://zitadel.com/docs/guides/deploy/overview)
+See all guides [here](https://zitadel.com/docs/self-hosting/deploy/overview)
 
 > If you are interested to get professional support for your self-hosted ZITADEL [please reach out to us](https://zitadel.com/contact)!
 
@@ -93,7 +93,7 @@ Yet it offers everything you need for a customer identity (CIAM) use case.
 - [Self-service](https://zitadel.com/docs/concepts/features/selfservice) for end-users, business customers, and administrators
 - [OpenID Connect certified](https://openid.net/certification/#OPs) => [OIDC Endpoints](https://zitadel.com/docs/apis/openidoauth/endpoints),  [OIDC Integration Guides](https://zitadel.com/docs/guides/integrate/auth0-oidc)
 - [SAML 2.0](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html) => [SAML Endpoints](https://zitadel.com/docs/apis/saml/endpoints), [SAML Integration Guides](https://zitadel.com/docs/guides/integrate/auth0-saml)
-- [Postgres](https://zitadel.com/docs/guides/manage/self-hosted/database#postgres) (version >= 14) or [CockroachDB](https://zitadel.com/docs/guides/manage/self-hosted/database#cockroach) (version >= 22.0)
+- [Postgres](https://zitadel.com/docs/self-hosting/manage/database#postgres) (version >= 14) or [CockroachDB](https://zitadel.com/docs/self-hosting/manage/database#cockroach) (version >= 22.0)
 
 Track upcoming features on our [roadmap](https://zitadel.com/roadmap).
 

docs/docs/apis/observability/metrics.md

@@ -6,6 +6,6 @@ ZITADEL provides a `metrics` endpoint with the help of the [opentelemetry-go](ht
 
 Self-hosting customers can access this endpoint with on the path `/debug/metrics`. For example when running ZITADEL locally its is accessible on `http://localhost:8080/debug/metrics`. The metrics endpoint can be scrubbed by any tool of choice that supports the `otel` format, e.g  an existing Prometheus.
 
-For our [Kubernetes/Helm](../../guides/deploy/kubernetes) users, we provide an out of the box support for the [ServiceMonitor](https://github.com/zitadel/zitadel-charts/blob/main/charts/zitadel/templates/servicemonitor.yaml) custom resource.
+For our [Kubernetes/Helm](/docs/self-hosting/deploy/kubernetes) users, we provide an out of the box support for the [ServiceMonitor](https://github.com/zitadel/zitadel-charts/blob/main/charts/zitadel/templates/servicemonitor.yaml) custom resource.
 
-By default, metrics are enabled but can be turned of through ZITADEL's [configuration](../../guides/manage/self-hosted/configure). The (default) configuration is located in the [defaults.yaml](https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml).
+By default, metrics are enabled but can be turned of through ZITADEL's [configuration](/docs/self-hosting/manage/configure). The (default) configuration is located in the [defaults.yaml](https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml).

docs/docs/concepts/architecture/secrets.md

@@ -91,16 +91,16 @@ By default ZITADEL uses `RSA256` for signing purposes and `AES256` for encryptio
 ### Masterkey
 
 Since the Masterkey is used as means of protecting the Secrets Storage it cannot be stored in the storage.
-You find [here the many ways how ZITADEL can consume the Masterkey](../../guides/manage/self-hosted/configure).
+You find [here the many ways how ZITADEL can consume the Masterkey](/docs/self-hosting/manage/configure).
 
 ### TLS Material
 
 ZITADEL does support end to end TLS as such it can consume TLS Key Material.
-Please check our [TLS Modes documentation](../../guides/manage/self-hosted/tls_modes) for more details.
+Please check our [TLS Modes documentation](/docs/self-hosting/manage/tls_modes) for more details.
 
 ### Admin User
 
-The initial Admin User of ZITADEL can be configured through [ZITADELs config options](../../guides/manage/self-hosted/configure).
+The initial Admin User of ZITADEL can be configured through [ZITADELs config options](/docs/self-hosting/manage/configure).
 
 :::info
 To prevent elevated breaches ZITADEL forces the Admin Users password to be changed during the first login.

docs/docs/concepts/architecture/solution.md

@@ -72,7 +72,7 @@ The common update involves the following steps and do not need manual interventi
 - As soon as the new version is ready to accept traffic it will signal this on the readiness endpoint `/debug/ready` 
 - At this point your network infrastructure can send traffic to the new version
 
-Users who use [Kubernetes/Helm](../../guides/deploy/kubernetes) or serverless container services like Google Cloud Run can benefit from the fact the above process is automated.
+Users who use [Kubernetes/Helm](/docs/self-hosting/deploy/kubernetes) or serverless container services like Google Cloud Run can benefit from the fact the above process is automated.
 
 :::info
 As a good practice we recommend creating Database Backups prior to an update.

docs/docs/guides/integrate/access-zitadel-system-api.md

@@ -9,7 +9,7 @@ The ZITADEL System API is currently only available for ZITADEL Self-Hosted deplo
 ## System API User
 
 The System API works superordinate over all instances. Therefore, you need to define a separate users to get access to this API.
-You can do so by customizing the [runtime configuration](/guides/manage/self-hosted/configure#runtime-configuration).
+You can do so by customizing the [runtime configuration](/self-hosting/manage/configure#runtime-configuration).
 
 To authenticate the user a self-signed JWT will be created and utilized.
 

docs/docs/guides/manage/self-hosted/reverseproxy/_more.mdx

@@ -1,4 +0,0 @@
-## More information
-
-- [You can read here about the TLS Modes](/guides/manage/self-hosted/tls_modes)
-- [And here about how ZITADEL makes use of HTTP/2](/guides/manage/self-hosted/http2)

docs/docs/guides/start/_local_instance.mdx

@@ -1 +1 @@
-If you choose to run a local instance have a look at our [deploy](../deploy/overview) section, where we show you different possibilities on how to run ZITADEL.
+If you choose to run a local instance have a look at our [deploy](/self-hosting/deploy/overview) section, where we show you different possibilities on how to run ZITADEL.

docs/docs/guides/start/quickstart.mdx

@@ -29,7 +29,7 @@ Chose [ZITADEL Cloud](../manage/cloud/overview) if you want:
 - Global scalability without the headache of running
 - Data residency compliance for your customers
 
-Chose [ZITADEL Self-Hosted](../deploy/overview) if you want:
+Chose [ZITADEL Self-Hosted](/self-hosting/deploy/overview) if you want:
 
 - Total control over all components and your data
 - Run ZITADEL in air gapped or regulated environemnts
@@ -78,4 +78,4 @@ This takes place in the ZITADEL Console
 ZITADEL allows you to give other users control over the ZITADEL Console. The manager role can be restricted to some kind of write and/or read.
 This is especially useful for direct administration over several users. You can have managers able to edit project settings and others able to create/add users only.
 
-> Note: ZITADEL Managers are located on the right side panel of the ZITADEL Console.
+> Note: ZITADEL Managers are located on the right side panel of the ZITADEL Console.

docs/docs/self-hosting/deploy/_next.mdx

@@ -1,9 +1,9 @@
 
 ## What's next
 
-For running a production grade ZITADEL instance in your environment, go on with the [configure ZITADEL](/guides/manage/self-hosted/configure) section.
+For running a production grade ZITADEL instance in your environment, go on with the [configure ZITADEL](/self-hosting/manage/configure) section.
 
 :::caution
 
 <!-- TODO: Better mark the link in the UI -->
-The ZITADEL management console [requires end-to-end HTTP/2 support](/guides/manage/self-hosted/http2)
+The ZITADEL management console [requires end-to-end HTTP/2 support](/self-hosting/manage/http2)

docs/docs/self-hosting/deploy/compose.mdx

@@ -21,7 +21,7 @@ By executing the commands below, you will download the following file:
 
 ```bash
 # Download the docker compose example configuration.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/deploy/docker-compose.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/docker-compose.yaml
 
 # Run the database and application containers.
 docker compose up --detach
@@ -42,7 +42,7 @@ By executing the commands below, you will download the following file:
 
 ```bash
 # Download the docker compose example configuration.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/deploy/docker-compose-sa.yaml -O docker-compose.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/docker-compose-sa.yaml -O docker-compose.yaml
 
 # Run the database and application containers.
 docker compose up --detach
@@ -51,7 +51,7 @@ docker compose up --detach
 mv ./machinekey/zitadel-admin-sa.json $HOME/zitadel-admin-sa.json
 ```
 
-This key can be used to provision resources with for example [Terraform](../manage/terraform/basics.md).
+This key can be used to provision resources with for example [Terraform](/docs/guides/manage/terraform/basics.md).
 
 <Next components={props.components} />
 <Disclaimer components={props.components} />

docs/docs/self-hosting/deploy/kubernetes.mdx

@@ -67,7 +67,7 @@ When helm is done, you get a command to retrieve your machine key, which is save
 kubectl -n zitadel get secret zitadel-admin-sa -o jsonpath='{ .data.zitadel-admin-sa\.json }' | base64 -D
 ```
 
-This key can be used to provision resources with for example [Terraform](../manage/terraform/basics.md).
+This key can be used to provision resources with for example [Terraform](/docs/guides/manage/terraform/basics.md).
 
 ### Forward the ZITADEL service port to your local machine
 

docs/docs/self-hosting/deploy/linux.mdx

@@ -50,7 +50,7 @@ ZITADEL_EXTERNALSECURE=false ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH=/tmp/zitadel-a
 mv /tmp/zitadel-admin-sa.json $HOME/zitadel-admin-sa.json
 ```
 
-This key can be used to provision resources with for example [Terraform](../manage/terraform/basics.md).
+This key can be used to provision resources with for example [Terraform](/docs/guides/manage/terraform/basics.md).
 
 <Next components={props.components} />
 <Disclaimer components={props.components} />

docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx

@@ -38,19 +38,19 @@ By executing the commands below, you will download the following files:
 
 ```bash
 # Download the docker compose example configuration.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/deploy/loadbalancing-example/docker-compose.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
 
 # Download the Traefik example configuration.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/deploy/loadbalancing-example/example-traefik.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/example-traefik.yaml
 
 # Download and adjust the example configuration file containing standard configuration.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/deploy/loadbalancing-example/example-zitadel-config.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml
 
 # Download and adjust the example configuration file containing secret configuration.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/deploy/loadbalancing-example/example-zitadel-secrets.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-secrets.yaml
 
 # Download and adjust the example configuration file containing database initialization configuration.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/deploy/loadbalancing-example/example-zitadel-init-steps.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml
 
 # A single ZITADEL instance always needs the same 32 characters long masterkey
 # If you haven't done so already, you can generate a new one.

docs/docs/self-hosting/deploy/macos.mdx

@@ -57,7 +57,7 @@ ZITADEL_EXTERNALSECURE=false ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH=/tmp/zitadel-a
 mv /tmp/zitadel-admin-sa.json $HOME/zitadel-admin-sa.json
 ```
 
-This key can be used to provision resources with for example [Terraform](../manage/terraform/basics.md).
+This key can be used to provision resources with for example [Terraform](/docs/guides/manage/terraform/basics.md).
 
 <Next components={props.components} />
 <Disclaimer components={props.components} />

docs/docs/self-hosting/deploy/overview.mdx

@@ -27,7 +27,7 @@ The easiest way to use ZITADEL is to run one of our container releases
 
 As soon as you successfully created your first test environment using one of the deployment guides in this section,
 you might want to configure ZITADEL for production and embed it into your system landscape.
-To do so, jump straight to the [production setup guide](../manage/self-hosted/production).
+To do so, jump straight to the [production setup guide](/docs/self-hosting//manage/production).
 
 To achieving high availability, we recommend to use a [Kubernetes](https://kubernetes.io/docs/home/) Cluster.
 We have an official [Helm chart](https://artifacthub.io/packages/helm/zitadel/zitadel) for easy deployment and maintenance.

docs/docs/self-hosting/manage/configure/_compose.mdx

@@ -23,16 +23,16 @@ By executing the commands below, you will download the following files:
 
 ```bash
 # Download the docker compose example configuration for a secure CockroachDB.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/manage/self-hosted/configure/docker-compose.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/production/docker-compose.yaml
 
 # Download and adjust the example configuration file containing standard configuration.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/manage/self-hosted/configure/example-zitadel-config.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/production/example-zitadel-config.yaml
 
 # Download and adjust the example configuration file containing secret configuration.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/manage/self-hosted/configure/example-zitadel-secrets.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/production/example-zitadel-secrets.yaml
 
 # Download and adjust the example configuration file containing database initialization configuration.
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/manage/self-hosted/configure/example-zitadel-init-steps.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/production/example-zitadel-init-steps.yaml
 
 # A single ZITADEL instance always needs the same 32 characters long masterkey
 # If you haven't done so already, you can generate a new one

docs/docs/self-hosting/manage/configure/_helm.mdx

@@ -5,7 +5,7 @@ import ExampleZITADELValuesSecretsSource from '!!raw-loader!./example-zitadel-va
 By default, the chart installs a secure ZITADEL and CockroachDB.
 The example files makes an insecure ZITADEL accessible by port forwarding the ZITADEL service to localhost.
 For more configuration options, [go to the chart repo descriptions](https://github.com/zitadel/zitadel-charts).
-For a secure installation with Docker Compose, [go to the loadbalancing example](../../deploy/loadbalancing-example)
+For a secure installation with Docker Compose, [go to the loadbalancing example](/self-hosting/deploy/loadbalancing-example)
 
 By executing the commands below, you will download the following files:
 
@@ -18,10 +18,10 @@ By executing the commands below, you will download the following files:
 
 ```bash
 # Download and adjust the example configuration file containing standard configuration
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/manage/self-hosted/configure/example-zitadel-values.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/production/example-zitadel-values.yaml
 
 # Download and adjust the example configuration file containing secret configuration
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/manage/self-hosted/configure/example-zitadel-values-secrets.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/production/example-zitadel-values-secrets.yaml
 
 # Install an insecure zitadel release that works with localhost
 helm install --namespace zitadel --create-namespace my-zitadel zitadel/zitadel \

docs/docs/self-hosting/manage/configure/_linuxunix.mdx

@@ -19,13 +19,13 @@ By executing the commands below, you will download the following files:
 
 ```bash
 # Download and adjust the example configuration file containing standard configuration
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/manage/self-hosted/configure/example-zitadel-config.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/production/example-zitadel-config.yaml
 
 # Download and adjust the example configuration file containing secret configuration
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/manage/self-hosted/configure/example-zitadel-secrets.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/production/example-zitadel-secrets.yaml
 
 # Download and adjust the example configuration file containing database initialization configuration
-wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/guides/manage/self-hosted/configure/example-zitadel-init-steps.yaml
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/production/example-zitadel-init-steps.yaml
 
 # A single ZITADEL instance always needs the same 32 characters long masterkey
 # If you haven't done so already, you can generate a new one

docs/docs/self-hosting/manage/configure/configure.mdx

@@ -10,7 +10,7 @@ import Helm from './_helm.mdx'
 
 # Configure ZITADEL
 
-This guide assumes you are already familiar with [running ZITADEL with the most minimal configuration possible](../../deploy/overview).
+This guide assumes you are already familiar with [running ZITADEL with the most minimal configuration possible](/docs/self-hosting/deploy/overview).
 
 ## Configuration Files
 
@@ -72,7 +72,7 @@ This is the IAM admin users login according to your configuration in the [exampl
 
 ## What's next
 
-- Read more about [the login process](../../../manuals/user-login).
+- Read more about [the login process](/manuals/user-login).
 - If you want to run ZITADEL in production, you most certainly need to [customize your own domain](./custom-domain).
 - Check out all possible [runtime configuration properties and their defaults in the source code](https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml)
 - Check out all possible [setup step configuration properties and their defaults in the source code](https://github.com/zitadel/zitadel/blob/main/cmd/setup/steps.yaml)
@@ -80,4 +80,4 @@ This is the IAM admin users login according to your configuration in the [exampl
 :::caution
 
 <!-- TODO: Better mark the link in the UI -->
-The ZITADEL management console [requires end-to-end HTTP/2 support](/guides/manage/self-hosted/http2)
+The ZITADEL management console [requires end-to-end HTTP/2 support](/docs/self-hosting/manage/http2)

docs/docs/self-hosting/manage/custom-domain.md

@@ -27,4 +27,4 @@ In this case the `ExternalDomain`-field of the configuration is used.
 
 ## Example
 
-Go to the [loadbalancing example with Traefik](../../deploy/loadbalancing-example) for seeing a working example configuration.
+Go to the [loadbalancing example with Traefik](/docs/self-hosting/deploy/loadbalancing-example) for seeing a working example configuration.

docs/docs/self-hosting/manage/http2.mdx

@@ -12,4 +12,4 @@ Sometimes you need to configure explicitly that you want to use HTTP/2 if you ru
 Furthermore it is important to notice that by default HTTP/2 is always encrypted, but if you want to run ZITADEL without TLS from your reverse proxy or service mesh this is possible through [h2c](https://httpd.apache.org/docs/2.4/howto/http2.html).
 Oftentimes when you run ZITADEL inside a service mesh, or a servelerss offering (e.g. Google Cloud Run, Knative, ...) you will need h2c.
 
-You can read more about ZITADEL's [TLSs modes here](/guides/manage/self-hosted/tls_modes).
+You can read more about ZITADEL's [TLSs modes here](/self-hosting/manage/tls_modes).

docs/docs/self-hosting/manage/production.md

@@ -2,23 +2,23 @@
 title: Production Checklist
 ---
 
-As soon as you successfully deployed ZITADEL as a proof of concept using one of our [deployment guides](/guides/deploy/overview),
+As soon as you successfully deployed ZITADEL as a proof of concept using one of our [deployment guides](/docs/self-hosting/deploy/overview),
 you are ready to configure ZITADEL for production usage.
 
 ## High Availability
 
-We recommend running ZITADEL highly available using an orchestrator that schedules ZITADEL on multiple servers, like [Kubernetes](/guides/deploy/kubernetes). For keeping startup times fast when scaling ZITADEL, you should also consider using separate jobs with `zitadel init` and `zitadel setup`, so your workload containers just have to execute `zitadel start`.
+We recommend running ZITADEL highly available using an orchestrator that schedules ZITADEL on multiple servers, like [Kubernetes]/docs/self-hosting/deploy/kubernetes). For keeping startup times fast when scaling ZITADEL, you should also consider using separate jobs with `zitadel init` and `zitadel setup`, so your workload containers just have to execute `zitadel start`.
 
 ## Configuration
 
-Read [on the configure page](/guides/manage/self-hosted/configure) about the available options you have to configure ZITADEL.
+Read [on the configure page](/docs/self-hosting/manage/configure) about the available options you have to configure ZITADEL.
 
 ## Networking
 
-- To make ZITADEL available at the domain of your choice, [you need to configure the ExternalDomain property](/guides/manage/self-hosted/custom-domain).
-- To enable and restrict access to **HTTPS**, head over to [the description of your TLS options](/guides/manage/self-hosted/tls_modes).
-- If you want to front ZITADEL with a reverse proxy, web application firewall or content delivery network, make sure to support **[HTTP/2](/guides/manage/self-hosted/http2)**.
-- You can also refer to some **[example reverse proxy configurations](/guides/manage/self-hosted/reverseproxy/reverse_proxy)**.
+- To make ZITADEL available at the domain of your choice, [you need to configure the ExternalDomain property](/docs/self-hosting/manage/custom-domain).
+- To enable and restrict access to **HTTPS**, head over to [the description of your TLS options](/docs/self-hosting/manage/tls_modes).
+- If you want to front ZITADEL with a reverse proxy, web application firewall or content delivery network, make sure to support **[HTTP/2](/docs/self-hosting/manage/http2)**.
+- You can also refer to some **[example reverse proxy configurations](/docs/self-hosting/manage/reverseproxy/reverse_proxy)**.
 - The ZITADEL Console web GUI uses many gRPC-Web stubs. This results in a fairly big JavaScript bundle. You might want to compress it using [Gzip](https://www.gnu.org/software/gzip/) or [Brotli](https://github.com/google/brotli).
 - Serving and caching the assets using a content delivery network could improve network latencies and shield your ZITADEL runtime.
 
@@ -48,7 +48,7 @@ Also, if you are concerned about multi-regional data locality,
 
 ### Configure ZITADEL
 
-Depending on your environment, you maybe would want to tweak some settings about how ZITADEL interacts with the database in the database section of your ZITADEL configuration. Read more about your [database configuration options](/guides/manage/self-hosted/database).
+Depending on your environment, you maybe would want to tweak some settings about how ZITADEL interacts with the database in the database section of your ZITADEL configuration. Read more about your [database configuration options](/docs/self-hosting/manage/database).
 
 ```yaml
 Database:
@@ -126,7 +126,7 @@ DefaultInstance:
     FromName:
 ```
 
-- If you don't want to use the DefaultInstance configuration for the first instance that ZITADEL automatically creates for you during the [setup phase](/guides/manage/self-hosted/configure#database-initialization), you can provide a FirstInstance YAML section using the --steps argument.
+- If you don't want to use the DefaultInstance configuration for the first instance that ZITADEL automatically creates for you during the [setup phase](/self-hosting/manage/configure#database-initialization), you can provide a FirstInstance YAML section using the --steps argument.
 - Learn how to configure ZITADEL via the [Console user interface](/guides/manage/console/overview).
 - Probably, you also want to [apply your custom branding](/guides/manage/customize/branding), [hook into certain events](/guides/manage/customize/behavior), [customize texts](/guides/manage/customize/texts) or [add metadata to your users](/guides/manage/customize/user-metadata).
 - If you want to automatically create ZITADEL resources, you can use the [ZITADEL Terraform Provider](/guides/manage/terraform/basics).

docs/docs/self-hosting/manage/reverseproxy/_cloudflare.mdx

@@ -3,7 +3,7 @@
 - [Make sure HTTP/2 is enabled](https://support.cloudflare.com/hc/en-us/articles/200168076-Understanding-Cloudflare-HTTP-2-and-HTTP-3-Support)
 - [Verify that gRPC is enabled](https://support.cloudflare.com/hc/en-us/articles/360050483011-Understanding-Cloudflare-gRPC-support)
 - [Verify that traffic is proxied through cloudflare](https://developers.cloudflare.com/dns/manage-dns-records/reference/proxied-dns-records/)
-- [Configure ZITADEL to use the TLS Mode enabled](/guides/manage/self-hosted/tls_modes#enabled)
+- [Configure ZITADEL to use the TLS Mode enabled](/self-hosting/manage/tls_modes#enabled)
 
 :::info
 [Cloudflare does only support gRPC with TLS!](https://support.cloudflare.com/hc/en-us/articles/360050483011-Understanding-Cloudflare-gRPC-support)

docs/docs/self-hosting/manage/reverseproxy/_more.mdx

@@ -0,0 +1,4 @@
+## More information
+
+- [You can read here about the TLS Modes](/self-hosting/manage/tls_modes)
+- [And here about how ZITADEL makes use of HTTP/2](/self-hosting/manage/http2)

docs/docs/self-hosting/manage/tls_modes.mdx

@@ -55,4 +55,4 @@ Be aware this is not a secure setup and should only be used for test systems!
 ## HTTP/2
 
 To allow ZITADEL to function properly please make sure that HTTP/2 is enabled. If you are using the mode `external` or `disabled` make sure to verify h2c compatibilty.
-You can read more about how ZITADEL utilizes in our [HTTP/2 docs](/guides/manage/self-hosted/http2).
+You can read more about how ZITADEL utilizes in our [HTTP/2 docs](/self-hosting/manage/http2).

docs/docusaurus.config.js

@@ -65,6 +65,12 @@ module.exports = {
           docId: "apis/introduction",
           position: "left",
         },
+        {
+          type: "doc",
+          label: "Self-Hosting",
+          docId: "self-hosting/deploy/overview",
+          position: "left",
+        },
         {
           type: "doc",
           docId: "concepts/introduction",

docs/netlify.toml

@@ -1,3 +1,15 @@
+[[redirects]]
+  from = "/docs/guides/deploy/*"
+  to = "/docs/self-hosting/deploy/:splat"
+  status = 301
+  force = true
+
+[[redirects]]
+  from = "/docs/guides/manage/self-hosted/*"
+  to = "/docs/self-hosting/manage/:splat"
+  status = 301
+  force = true
+
 # This is a workaround to address the problem around the baseUrl from docusaurus
 # Be aware that this prevents the usage of the path /docs/docs
 [[redirects]]

docs/sidebars.js

@@ -43,20 +43,6 @@ module.exports = {
       collapsed: false,
       items: ["guides/start/quickstart"],
     },
-    {
-      type: "category",
-      label: "Deploy",
-      collapsed: false,
-      items: [
-        "guides/deploy/overview",
-        "guides/deploy/linux",
-        "guides/deploy/macos",
-        "guides/deploy/compose",
-        "guides/deploy/knative",
-        "guides/deploy/kubernetes",
-        "guides/deploy/loadbalancing-example/loadbalancing-example",
-      ],
-    },
     {
       type: "category",
       label: "Manage",
@@ -74,19 +60,6 @@ module.exports = {
             "guides/manage/cloud/support",
           ],
         },
-        {
-          type: "category",
-          label: "Self-Hosted",
-          items: [
-            "guides/manage/self-hosted/production",
-            "guides/manage/self-hosted/configure/configure",
-            "guides/manage/self-hosted/reverseproxy/reverse_proxy",
-            "guides/manage/self-hosted/custom-domain",
-            "guides/manage/self-hosted/http2",
-            "guides/manage/self-hosted/tls_modes",
-            "guides/manage/self-hosted/database/database",
-          ],
-        },
         {
           type: "category",
           label: "Console",
@@ -275,6 +248,36 @@ module.exports = {
       items: ["apis/ratelimits/ratelimits", "legal/rate-limit-policy"],
     },
   ],
+  selfHosting: [
+    {
+      type: "category",
+      label: "Deploy",
+      collapsed: false,
+      items: [
+        "self-hosting/deploy/overview",
+        "self-hosting/deploy/linux",
+        "self-hosting/deploy/macos",
+        "self-hosting/deploy/compose",
+        "self-hosting/deploy/knative",
+        "self-hosting/deploy/kubernetes",
+        "self-hosting/deploy/loadbalancing-example/loadbalancing-example",
+      ],
+    },
+    {
+      type: "category",
+      label: "Manage",
+      collapsed: false,
+      items: [
+        "self-hosting/manage/production",
+        "self-hosting/manage/configure/configure",
+        "self-hosting/manage/reverseproxy/reverse_proxy",
+        "self-hosting/manage/custom-domain",
+        "self-hosting/manage/http2",
+        "self-hosting/manage/tls_modes",
+        "self-hosting/manage/database/database",
+      ],
+    },
+  ],
   concepts: [
     "concepts/introduction",
     "concepts/principles",

docs/src/pages/index.js

@@ -72,7 +72,7 @@ const features = [
               description=""
             />
             <ListElement
-              link="/docs/guides/deploy/overview"
+              link="/docs/self-hosting/deploy/overview"
               type={ICONTYPE.SYSTEM}
               title="Deploy"
               description=""