diff --git a/.env.example b/.env.example
index 4d40c81..63bddef 100644
--- a/.env.example
+++ b/.env.example
@@ -1,22 +1,84 @@
-PORT=3000
-ADDRESS=0.0.0.0
-APP_URL=http://localhost:3000
-USERS=your_user_password_hash
-USERS_FILE=users_file
-SECURE_COOKIE=false
-OAUTH_WHITELIST=
-GENERIC_NAME=My OAuth
-SESSION_EXPIRY=7200
-LOGIN_TIMEOUT=300
-LOGIN_MAX_RETRIES=5
-LOG_LEVEL=debug
-APP_TITLE=Tinyauth SSO
-FORGOT_PASSWORD_MESSAGE=Some message about resetting the password
-OAUTH_AUTO_REDIRECT=none
-BACKGROUND_IMAGE=some_image_url
-GENERIC_SKIP_SSL=false
-RESOURCES_DIR=/data/resources
-DATABASE_PATH=/data/tinyauth.db
-DISABLE_ANALYTICS=false
-DISABLE_RESOURCES=false
-TRUSTED_PROXIES=
\ No newline at end of file
+# Base Configuration
+
+# The base URL where Tinyauth is accessible
+TINYAUTH_APPURL=https://auth.example.com
+# Log level: trace, debug, info, warn, error
+TINYAUTH_LOGLEVEL=info
+# Directory for static resources
+TINYAUTH_RESOURCESDIR=/data/resources
+# Path to SQLite database file
+TINYAUTH_DATABASEPATH=/data/tinyauth.db
+# Disable version heartbeat
+TINYAUTH_DISABLEANALYTICS=false
+# Disable static resource serving
+TINYAUTH_DISABLERESOURCES=false
+# Disable UI warning messages
+TINYAUTH_DISABLEUIWARNINGS=false
+
+# Server Configuration
+
+# Port to listen on
+TINYAUTH_SERVER_PORT=3000
+# Interface to bind to (0.0.0.0 for all interfaces)
+TINYAUTH_SERVER_ADDRESS=0.0.0.0
+# Unix socket path (optional, overrides port/address if set)
+TINYAUTH_SERVER_SOCKETPATH=
+# Comma-separated list of trusted proxy IPs/CIDRs
+TINYAUTH_SERVER_TRUSTEDPROXIES=
+
+# Authentication Configuration
+
+# Format: username:bcrypt_hash (use bcrypt to generate hash)
+TINYAUTH_AUTH_USERS=admin:$2a$10$example_bcrypt_hash_here
+# Path to external users file (optional)
+TINYAUTH_USERSFILE=
+# Enable secure cookies (requires HTTPS)
+TINYAUTH_SECURECOOKIE=true
+# Session expiry in seconds (7200 = 2 hours)
+TINYAUTH_SESSIONEXPIRY=7200
+# Login timeout in seconds (300 = 5 minutes)
+TINYAUTH_LOGINTIMEOUT=300
+# Maximum login retries before lockout
+TINYAUTH_LOGINMAXRETRIES=5
+
+# OAuth Configuration
+
+# Regex pattern for allowed email addresses (e.g., /@example\.com$/)
+TINYAUTH_OAUTH_WHITELIST=
+# Provider ID to auto-redirect to (skips login page)
+TINYAUTH_OAUTH_AUTOREDIRECT=
+# OAuth Provider Configuration (replace MYPROVIDER with your provider name)
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID=your_client_id_here
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET=your_client_secret_here
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL=https://provider.example.com/oauth/authorize
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL=https://provider.example.com/oauth/token
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL=https://provider.example.com/oauth/userinfo
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL=https://auth.example.com/oauth/callback/myprovider
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES=openid email profile
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME=My OAuth Provider
+# Allow self-signed certificates
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE=false
+
+# UI Customization
+
+# Custom title for login page
+TINYAUTH_UI_TITLE=Tinyauth
+# Message shown on forgot password page
+TINYAUTH_UI_FORGOTPASSWORDMESSAGE="Contact your administrator to reset your password"
+# Background image URL for login page
+TINYAUTH_UI_BACKGROUNDIMAGE=
+
+# LDAP Configuration
+
+# LDAP server address
+TINYAUTH_LDAP_ADDRESS=ldap://ldap.example.com:389
+# DN for binding to LDAP server
+TINYAUTH_LDAP_BINDDN=cn=readonly,dc=example,dc=com
+# Password for bind DN
+TINYAUTH_LDAP_BINDPASSWORD=your_bind_password
+# Base DN for user searches
+TINYAUTH_LDAP_BASEDN=dc=example,dc=com
+# Search filter (%s will be replaced with username)
+TINYAUTH_LDAP_SEARCHFILTER=(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))
+# Allow insecure LDAP connections
+TINYAUTH_LDAP_INSECURE=false
diff --git a/cmd/tinyauth.go b/cmd/tinyauth.go
index dbcb359..b304dd4 100644
--- a/cmd/tinyauth.go
+++ b/cmd/tinyauth.go
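Review bot: In the `.env.example` hunk, only `TINYAUTH_AUTH_USERS` in the Authentication block carries the `AUTH_` segment; `TINYAUTH_USERSFILE`, `TINYAUTH_SECURECOOKIE`, `TINYAUTH_SESSIONEXPIRY`, `TINYAUTH_LOGINTIMEOUT` and `TINYAUTH_LOGINMAXRETRIES` do not, while the `SERVER_`, `OAUTH_`, `UI_` and `LDAP_` keys are nested consistently. The config struct is not in this diff, so this may be intended, but if those fields sit in the same section as the users list, anyone copying this file gets the cookie, session and lockout settings silently ignored in favour of defaults; please check the names against the loader. Separately, the LDAP sample sends `TINYAUTH_LDAP_BINDPASSWORD` to `ldap://ldap.example.com:389`, so a comment like `# Prefer ldaps:// - with plain ldap:// the bind password is sent unencrypted` above `TINYAUTH_LDAP_ADDRESS` would be a useful caveat.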
@@ -1,9 +1,11 @@ package main import ( + "fmt" "os" "strings" "time" + "tinyauth/internal/bootstrap" "tinyauth/internal/config" "tinyauth/internal/utils/loaders" @@ -14,7 +16,7 @@ import ( type TinyauthCmdConfiguration struct { config.Config - ConfigFile string `description:"Path to config file."` + // ConfigFile string `description:"Path to config file."` } func NewTinyauthCmdConfiguration() *TinyauthCmdConfiguration { @@ -22,7 +24,7 @@ func NewTinyauthCmdConfiguration() *TinyauthCmdConfiguration { Config: config.Config{ LogLevel: "info", }, - ConfigFile: "", + // ConfigFile: "", } } @@ -94,5 +96,13 @@ func runCmd(cfg *config.Config) error { log.Info().Str("version", config.Version).Msg("Starting tinyauth") + app := bootstrap.NewBootstrapApp(*cfg) + + err = app.Setup() + + if err != nil { + return fmt.Errorf("failed to bootstrap app: %w", err) + } + return nil } diff --git a/docker-compose.example.yml b/docker-compose.example.yml index 9cec4a5..d94221e 100644 --- a/docker-compose.example.yml +++ b/docker-compose.example.yml @@ -20,8 +20,8 @@ services: container_name: tinyauth image: ghcr.io/steveiliop56/tinyauth:v3 environment: - - APP_URL=https://tinyauth.example.com - - USERS=user:$$2a$$10$$UdLYoJ5lgPsC0RKqYH/jMua7zIn0g9kPqWmhYayJYLaZQ/FTmH2/u # user:password + - TINYAUTH_APPURL=https://tinyauth.example.com + - TINYAUTH_AUTH_USERS=user:$$2a$$10$$UdLYoJ5lgPsC0RKqYH/jMua7zIn0g9kPqWmhYayJYLaZQ/FTmH2/u # user:password volumes: - ./data:/data labels:
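Review bot: In `cmd/tinyauth.go`, `ConfigFile` is commented out rather than removed, both in the `TinyauthCmdConfiguration` struct hunk and in the `NewTinyauthCmdConfiguration` hunk. Commented-out fields tend to linger without anyone knowing whether they are coming back; either delete both lines or replace them with a single explanatory comment such as `// TODO: ConfigFile is disabled for now; re-enable or delete`. If the option is being dropped for good, that is worth a line in the commit description, since the field carried a user-facing description tag.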
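Review bot: In the `runCmd` hunk, `err = app.Setup()` reuses an `err` declared earlier in the function (outside the hunk) and is checked two lines later; scoping it to the check is tighter: `if err := app.Setup(); err != nil {` followed by `return fmt.Errorf("bootstrapping app: %w", err)`. The "failed to" prefix becomes redundant once the error is wrapped further up the chain. `runCmd` begins before this hunk, so whether the rest of the function follows the same assign-then-check pattern cannot be seen here.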
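Review bot: In the `docker-compose.example.yml` hunk, the `image:` context line still pins `ghcr.io/steveiliop56/tinyauth:v3` while the environment keys switch to `TINYAUTH_APPURL` and `TINYAUTH_AUTH_USERS`. Whether a v3 image reads the prefixed names is not visible in this diff; if it does not, the container would start with neither the app URL nor the user entry applied, so the tag probably needs to move together with this rename. The sample hash is annotated `# user:password`, so a line such as `# Example credential only - generate your own hash before exposing this service` above it would keep the example from being deployed unchanged.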