diff --git a/docker-compose.yml b/docker-compose.yml
index 05436d73..404632f4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,300 +1,302 @@
 version: '3'
 services:
   coturn:
     build:
       context: ./docker/coturn/
     container_name: kolab-coturn
     healthcheck:
       interval: 10s
       test: "kill -0 $$(cat /tmp/turnserver.pid)"
       timeout: 5s
       retries: 30
     environment:
       - TURN_PUBLIC_IP=${COTURN_PUBLIC_IP}
       - TURN_LISTEN_PORT=3478
       - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
     hostname: sturn.mgmt.com
     image: kolab-coturn
     network_mode: host
     restart: on-failure
   kolab:
     build:
       context: ./docker/kolab/
       args:
         DB_KOLAB_DATABASE: kolab
         DB_KOLAB_USERNAME: kolab
         DB_KOLAB_PASSWORD: ${DB_PASSWORD:?"DB_PASSWORD is missing"}
     container_name: kolab
     privileged: true
     restart: on-failure
     depends_on:
       mariadb:
         condition: service_healthy
       pdns:
         condition: service_healthy
     extra_hosts:
       - "kolab.mgmt.com:127.0.0.1"
       - "services.${APP_DOMAIN}:172.18.0.4"
     environment:
       - APP_DOMAIN=${APP_DOMAIN}
       - LDAP_HOST=127.0.0.1
       - LDAP_ADMIN_BIND_DN=${LDAP_ADMIN_BIND_DN}
       - LDAP_ADMIN_BIND_PW=${LDAP_ADMIN_BIND_PW}
       - LDAP_SERVICE_BIND_PW=${LDAP_SERVICE_BIND_PW}
       - LDAP_HOSTED_BIND_PW=${LDAP_HOSTED_BIND_PW}
       - DB_HOST=mariadb
       - DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
       - DB_HKCCP_DATABASE=${DB_DATABASE}
       - DB_HKCCP_USERNAME=${DB_USERNAME}
       - DB_HKCCP_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
       - DB_KOLAB_DATABASE=kolab
       - DB_KOLAB_USERNAME=kolab
       - DB_KOLAB_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
       - SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?"KOLAB_SSL_CERTIFICATE is missing"}
       - SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?"KOLAB_SSL_CERTIFICATE_FULLCHAIN is missing"}
       - SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?"KOLAB_SSL_CERTIFICATE_KEY is missing"}
       - IMAP_HOST=127.0.0.1
       - IMAP_PORT=11993
       - IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN}
       - IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD}
       - MAIL_HOST=127.0.0.1
       - MAIL_PORT=10587
     healthcheck:
       interval: 10s
       test: "systemctl is-active kolab-init || exit 1"
       timeout: 5s
       retries: 30
       start_period: 5m
     # This makes docker's dns, resolve via pdns for this container.
     # Please note it does not affect /etc/resolv.conf
     dns: 172.18.0.11
     hostname: kolab.mgmt.com
     image: kolab
     networks:
       kolab:
         ipv4_address: 172.18.0.5
     ports:
       - "12143:12143"
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     volumes:
       - ./ext/:/src/:ro
       - /etc/letsencrypt/:/etc/letsencrypt/:ro
       - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro
       - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro
       - ./docker/certs/kolab.hosted.com.cert:${KOLAB_SSL_CERTIFICATE:?err}
       - ./docker/certs/kolab.hosted.com.chain.pem:${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err}
       - ./docker/certs/kolab.hosted.com.key:${KOLAB_SSL_CERTIFICATE_KEY:?err}
       - ./docker/kolab/utils:/root/utils:ro
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
       - imap:/imapdata
       - ldap:/ldapdata
   roundcube:
     build:
       context: ./docker/roundcube/
     container_name: roundcube
     hostname: roundcube.hosted.com
     restart: on-failure
     depends_on:
       mariadb:
         condition: service_healthy
       pdns:
         condition: service_healthy
       kolab:
         condition: service_healthy
     environment:
       - APP_DOMAIN=${APP_DOMAIN}
       - LDAP_HOST=kolab
       - LDAP_ADMIN_BIND_DN=${LDAP_ADMIN_BIND_DN}
       - LDAP_ADMIN_BIND_PW=${LDAP_ADMIN_BIND_PW}
       - LDAP_SERVICE_BIND_PW=${LDAP_SERVICE_BIND_PW}
       - LDAP_HOSTED_BIND_PW=${LDAP_HOSTED_BIND_PW}
       - DB_HOST=mariadb
       - DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
       - DB_RC_DATABASE=roundcube
       - DB_RC_USERNAME=roundcube
       - DB_RC_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
       - IMAP_HOST=tls://haproxy
       - IMAP_PORT=145
       - IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN}
       - IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD}
       - MAIL_HOST=tls://kolab
       - MAIL_PORT=10587
     healthcheck:
       interval: 10s
       test: "kill -0 $$(cat /run/httpd/httpd.pid)"
       timeout: 5s
       retries: 30
     # This makes docker's dns, resolve via pdns for this container.
     # Please note it does not affect /etc/resolv.conf
     dns: 172.18.0.11
     image: roundcube
     networks:
       kolab:
         ipv4_address: 172.18.0.9
     ports:
       - "8001:80"
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     volumes:
       - ./ext/:/src.orig/:ro
   mariadb:
     container_name: kolab-mariadb
     restart: on-failure
     environment:
       - MARIADB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
       - TZ="+02:00"
       - DB_HKCCP_DATABASE=${DB_DATABASE}
       - DB_HKCCP_USERNAME=${DB_USERNAME}
       - DB_HKCCP_PASSWORD=${DB_PASSWORD}
     healthcheck:
       interval: 10s
       test: test -e /var/run/mysqld/mysqld.sock
       timeout: 5s
       retries: 30
     image: mariadb:latest
     networks:
-      - kolab
+      kolab:
+        ipv4_address: 172.18.0.3
     volumes:
       - ./docker/mariadb/mysql-init/:/docker-entrypoint-initdb.d/
       - mariadb:/var/lib/mysql
   haproxy:
     build:
       context: ./docker/haproxy/
     healthcheck:
       interval: 10s
       test: "kill -0 $$(cat /var/run/haproxy.pid)"
       timeout: 5s
       retries: 30
     container_name: kolab-haproxy
     restart: on-failure
     hostname: haproxy.hosted.com
     image: kolab-haproxy
     networks:
-      - kolab
+      kolab:
+        ipv4_address: 172.18.0.6
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     volumes:
       - ./docker/certs/:/etc/certs/:ro
       - /etc/letsencrypt/:/etc/letsencrypt/:ro
   pdns:
     build:
       context: ./docker/pdns/
       args:
         DB_HOST: mariadb
         DB_DATABASE: ${DB_DATABASE:?DB_DATABASE}
         DB_USERNAME: ${DB_USERNAME:?DB_USERNAME}
         DB_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD}
     container_name: kolab-pdns
     restart: on-failure
     hostname: pdns
     depends_on:
       mariadb:
         condition: service_healthy
     healthcheck:
       interval: 10s
       test: "systemctl status pdns || exit 1"
       timeout: 5s
       retries: 30
     image: kolab-pdns
     networks:
       kolab:
         ipv4_address: 172.18.0.11
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
   redis:
     build:
       context: ./docker/redis/
     healthcheck:
       interval: 10s
       test: "redis-cli ping || exit 1"
       timeout: 5s
       retries: 30
     container_name: kolab-redis
     restart: on-failure
     hostname: redis
     image: redis
     networks:
       - kolab
     volumes:
       - ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
   webapp:
     build:
       context: ./docker/webapp/
     container_name: kolab-webapp
     restart: on-failure
     image: kolab-webapp
     healthcheck:
       interval: 10s
       test: "/src/kolabsrc/artisan octane:status || exit 1"
       timeout: 5s
       retries: 30
       start_period: 5m
     depends_on:
       kolab:
         condition: service_healthy
       redis:
         condition: service_healthy
       roundcube:
         condition: service_healthy
     networks:
       kolab:
         ipv4_address: 172.18.0.4
     volumes:
       - ./src:/src/kolabsrc.orig:ro
     ports:
       - "8000:8000"
   meet:
     build:
       context: ./docker/meet/
     container_name: kolab-meet
     restart: on-failure
     healthcheck:
       interval: 10s
       test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://${MEET_LISTENING_HOST}:12443/meetmedia/api/health || exit 1"
       timeout: 5s
       retries: 30
       start_period: 5m
     environment:
       - WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err}
       - PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err}
       - LISTENING_HOST=${MEET_LISTENING_HOST:?err}
       - LISTENING_PORT=12443
       - TURN_SERVER=${MEET_TURN_SERVER}
       - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
       - AUTH_TOKEN=${MEET_SERVER_TOKEN:?err}
       - WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN:?err}
       - WEBHOOK_URL=${APP_PUBLIC_URL:?err}/api/webhooks/meet
       - SSL_CERT=/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN:?err}.cert
       - SSL_KEY=/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN:?err}.key
     network_mode: host
     container_name: kolab-meet
     image: kolab-meet
     volumes:
       - ./meet/server:/src/meet/:ro
       - ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert
       - ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key
 networks:
   kolab:
     driver: bridge
     ipam:
       config:
         - subnet: "172.18.0.0/24"
 volumes:
   mariadb:
   imap:
   ldap:
diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile
index 9c6369f8..c37e4d58 100644
--- a/docker/kolab/Dockerfile
+++ b/docker/kolab/Dockerfile
@@ -1,83 +1,83 @@
 FROM quay.io/centos/centos:stream8
 
 LABEL maintainer="contact@apheleia-it.ch"
 LABEL dist=centos8
 LABEL tier=${TIER}
 
 ENV SYSTEMD_PAGER=''
 ENV DISTRO=centos8
 ENV LANG=en_US.utf8
 ENV LC_ALL=en_US.utf8
 
 # Add EPEL.
 RUN dnf config-manager --set-enabled powertools && \
     dnf -y install \
         epel-release epel-next-release && \
     dnf -y module enable 389-directory-server:stable/default && \
     dnf -y module enable mariadb:10.3 && \
     dnf -y install iputils vim-enhanced bind-utils && \
     dnf clean all
 RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
 
 # Install kolab
 RUN rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \
     rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el8stream.rpm
 RUN sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \
     dnf config-manager --enable kolab-16-testing &&\
     dnf -y --setopt tsflags= install kolab patch &&\
     dnf clean all
 
 COPY kolab-init.service /etc/systemd/system/kolab-init.service
 COPY kolab-setenv.service /etc/systemd/system/kolab-setenv.service
 COPY utils /root/utils
 
 RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \
     ln -s /etc/systemd/system/kolab-init.service \
         /etc/systemd/system/multi-user.target.wants/kolab-init.service && \
     ln -s /etc/systemd/system/kolab-setenv.service \
         /etc/systemd/system/multi-user.target.wants/kolab-setenv.service
 
 
 RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
 
 COPY /rootfs /
 
 COPY kolab-init.sh /usr/local/sbin/
 RUN chmod 750 /usr/local/sbin/kolab-init.sh
 
 COPY kolab.conf /etc/kolab/kolab.conf
 COPY cyrus.conf /etc/cyrus.conf
 COPY imapd.conf /etc/imapd.conf
 COPY imapd.annotations.conf /etc/imapd.annotations.conf
 COPY guam.conf /etc/guam/sys.config
 
 ARG DB_KOLAB_DATABASE
 ARG DB_KOLAB_USERNAME
 ARG DB_KOLAB_PASSWORD
 RUN sed -i -r \
     -e "s|DB_KOLAB_DATABASE|$DB_KOLAB_DATABASE|g" \
     -e "s|DB_KOLAB_USERNAME|$DB_KOLAB_USERNAME|g" \
     -e "s|DB_KOLAB_PASSWORD|$DB_KOLAB_PASSWORD|g" \
     /etc/kolab/kolab.conf
 
 RUN mkdir -p /imapdata/{spool,lib} && \
     rm -rf /var/spool/imap && ln -s /imapdata/spool /var/spool/imap && \
     mv /var/lib/imap /var/lib/imap-bak && ln -s /imapdata/lib /var/lib/imap && \
     chmod -R 777 /imapdata && \
     chown cyrus:mail /var/spool/imap /var/lib/imap
 
 RUN mkdir -p /ldapdata/{config,ssca,run} /var/run/dirsrv && \
     ln -s /ldapdata/config /etc/dirsrv/slapd-kolab && \
     ln -s /ldapdata/ssca /etc/dirsrv/ssca && \
     ln -s /ldapdata/run /var/run/dirsrv && \
     chmod -R 777 /ldapdata /etc/dirsrv
 
 VOLUME [ "/sys/fs/cgroup" ]
 VOLUME [ "/imapdata" ]
 VOLUME [ "/ldapdata" ]
 
 WORKDIR /root/
 
 CMD ["/lib/systemd/systemd"]
 
-EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 110/tcp 389/tcp 443/tcp 995/tcp 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp
+EXPOSE 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp