diff --git a/web/twa-vis-platform/auth/compose.yml b/web/twa-vis-platform/auth/compose.yml
index 9e79e3cd3eb..f7a3cd72ac3 100644
--- a/web/twa-vis-platform/auth/compose.yml
+++ b/web/twa-vis-platform/auth/compose.yml
@@ -7,8 +7,8 @@ services:
 - "8080:8080"
 - "8443:8443"
 environment:
- KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
- KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-theworldavatar}
+ KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME:-admin}
+ KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD:-theworldavatar}
 KC_LOG: console,file
 KC_LOG_LEVEL: info
 KC_LOG_CONSOLE_COLOR: true
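Review bot: The renamed `KC_BOOTSTRAP_ADMIN_PASSWORD` line keeps the `:-theworldavatar` fallback, so an instance started without that variable set gets an administrator whose password is readable in this repository. I would make the variable mandatory instead, e.g. `KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD:?must be set}`, which makes Compose abort rather than fall back. The `keycloak-server` service added in the next hunk already drops the default, so this would also make the two definitions agree. The compose file deleted later in this commit carried literal admin credentials as well; they stay in history, so rotate them if they were ever used on a reachable instance. The service this hunk edits starts above the visible lines, so I cannot tell whether it is meant for local development only.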
@@ -26,6 +26,42 @@ services:
 networks:
 - auth-network
+ keycloak-server:
+ container_name: "keycloak-server"
+ image: keycloak/keycloak:26.0
+ ports:
+ - "8080:8080"
+ environment:
+ TZ: Europe/London
+ KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME}
+ KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD}
+ ###################################################
+ KC_LOG: console,file
+ KC_LOG_CONSOLE_LEVEL: info
+ KC_LOG_CONSOLE_COLOR: true
+ KC_LOG_FILE_LEVEL: trace
+ ###################################################
+ KC_HOSTNAME: ## set hostname as configured in reverse proxy here
+ KC_HOSTNAME_ADMIN: ## optionally set hostname as configured in reverse proxy here
+ # KC_HOSTNAME_DEBUG: true # if necessary
+ KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false # not needed to allow other containers to commumicate with keycloak server-side
+ ###################################################
+ KC_DB_URL_HOST: postgres
+ KC_DB_USERNAME: postgres
+ KC_DB: postgres
+ KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+ KC_DB_POOL_MAX_SIZE: 50
+ ###################################################
+ KC_HEALTH_ENABLED: true
+ KC_HTTP_ENABLED: true ## this replaces the prox y mode (whether to forward in SSL or not), works if we assume this is edge server
+ KC_PROXY_HEADERS: xforwarded ## this replaces the proxy mode (whether to forward in SSL or not)
+ # KC_TLS_HOSTNAME_VERIFIER: ANY
+ command: start --import-realm #--optimized
+ volumes:
+ - ./realm:/opt/keycloak/data/import:ro # the realm to import
+ networks:
+ - auth-network
+
 redis:
 restart: always
 container_name: "bnl-redis"
@@ -89,4 +125,8 @@ networks:
 secrets:
 postgres-password:
- file: ./postgres-password
\ No newline at end of file
+ file: ./postgres-password
+
+volumes:
+ dragonflydata:
+ postgres-data:
\ No newline at end of file
diff --git a/web/twa-vis-platform/auth/cooooooooooompose.yml b/web/twa-vis-platform/auth/cooooooooooompose.yml
deleted file mode 100644
index 357e1520e53..00000000000
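Review bot: `keycloak-server` publishes `8080:8080` on every host interface while `KC_HTTP_ENABLED: true` and `KC_PROXY_HEADERS: xforwarded` make Keycloak accept plain HTTP and trust `X-Forwarded-*` headers, so a client that reaches the port directly bypasses the reverse proxy and its forwarded host, scheme and client address are taken at face value. Publish the port only where the proxy can reach it, e.g. `- "127.0.0.1:8080:8080"`, or drop `ports:` and let the proxy connect over `auth-network`. The service edited in the first hunk already publishes `8080:8080`, so unless profiles not visible here keep the two apart they cannot start together. `KC_LOG_FILE_LEVEL: trace` is also worth lowering outside of debugging, since trace output may include request details that should not sit in a log file.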
--- a/web/twa-vis-platform/auth/cooooooooooompose.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-services:
- keycloak:
- container_name: "bnl-keycloak-server"
- image: keycloak/keycloak:latest
- ports:
- - "8081:8080"
- environment:
- KC_FEATURES: "hostname:v2"
- KC_LOG_LEVEL: debug
- KC_HOSTNAME: "https://theworldavatar.io/bnl/authorisation/"
- # KC_HTTP_RELATIVE_PATH : "/bnl/authorisation/"
- KC_HOSTNAME_DEBUG: true
- # KC_HOSTNAME_ADMIN: https://theworldavatar.io/bnl/admin/
- KC_HOSTNAME_BACKCHANNEL_DYNAMIC: true # needed to allow other containers to commumicate with keycloak server-side
- KC_HTTP_ENABLED: true ## this replaces the proxy mode (whether to forward in SSL or not), works if we assume this is edge server
- KC_PROXY_HEADERS: xforwarded ## this replaces the proxy mode (whether to forward in SSL or not)
- KC_TLS_HOSTNAME_VERIFIER: ANY
- command: start --optimized --import-realm
- volumes:
- - ./realm:/opt/keycloak/data/import:ro # the realm to import
- networks:
- - app-network
-
- keycloak-dev:
- container_name: "bnl-keycloak-server"
- image: keycloak/keycloak:latest
- ports:
- - "8081:8080"
- environment:
- KEYCLOAK_ADMIN: oisin
- KEYCLOAK_ADMIN_PASSWORD: liffey-swim
- KC_LOG_LEVEL: info
- KC_HOSTNAME_PORT:
- command: start-dev
- profiles:
- - dev
-
- redis:
- container_name: "bnl-redis"
- image: redis:latest
- ports:
- - "6379:6379"
- command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
- volumes:
- - ./redis.conf:/usr/local/etc/redis/redis.conf
-
- # nginx-proxy-manager:
- # container_name: "nginx-proxy-manager"
- # image: jc21/nginx-proxy-manager:latest
- # ports:
- # - "80:80"
- # - "81:81"
- # - "443:443"
- # environment:
- # DB_SQLITE_FILE: "/data/database.sqlite"
- # volumes:
- # - ./data:/data
- # - ./letsencrypt:/etc/letsencrypt
- # networks:
- # - app-network
-
-networks:
- app-network:
- driver: bridge
\ No newline at end of file