diff --git a/docs/10_Installation.md b/docs/10_Installation.md
new file mode 100644
index 0000000000000000000000000000000000000000..1096a5b5c73b5540f7e0ae3283a0f08536f41bc0
--- /dev/null
+++ b/docs/10_Installation.md
@@ -0,0 +1,95 @@
+# Installation on server
+
+## Xsentfile module
+
+On Apache Webserver install xsendfile module.
+
+i.e. on CentOS
+
+`yum install mod_xsendfile`
+
+## Configuration of vhost
+
+In the Apache vhost for cipkg server set the XSendFilePath - it is an absolute
+path on your websever.
+
+Redirect all requests to /packages/[whatever] to /packages/index.php
+
+
+Example snippet
+
+```text
+
+    XSendFile On
+    XSendFilePath "/var/www/cipkg.example.com/packages/"
+
+    <Location "/packages">
+
+        RewriteEngine on
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteRule ^(.*)$ index.php [QSA,L]
+
+    </Location>
+```
+
+## Configuration of a secret on server
+
+if [approot]/public_html/ copy inc_config.php.dist to inc_config.php.dist.
+set a secret behind key apikey.
+
+It means: this is a shared secret between this server and all your application servers.
+
+It is not realized yet to use a secret per application.
+
+```php
+$approot=dirname(__DIR__);
+return array(
+    
+    // define a secret aka api key
+    'apikey'=>'our-package-server-secret',
+
+    // packages to deliver where files from ci server are synched
+    'packagedir'=>$approot.'/packages',
+    
+    // max age of request ... client and server need to be in sync
+    'maxage'=>60,
+
+    // force that a hash can be used only once
+    // a side effect is that fast repeat or simultanius requests
+    // will be denied.
+    'onetimesecret'=>true,
+
+    // filesize of lock file with stored hashed before starting garbage collection
+    // 10.000 byte are reached after 114 req
+    'maxlockfilesize'=>10000,
+    
+    // tmp dir to store used hashes
+    'tmpdir'=>$approot.'/tmp',
+
+    // allow directory listing when accessing a path of a package
+    // true is required to fetch all packages
+    'showdircontent'=>true,
+);
+```
+
+## Prepare receive of packages
+
+* Create an deployment account package server that can be used to be connected 
+  via SSH by the ci server
+* add the public key of www-data of the ci server into
+  /home/deployment/.ssh/authorized keys
+* Set permissions that the deployment user can write into
+  /var/www/cipkg.example.com/packages/
+  and the user of the webeservice can read it 
+  `chown deployment:apache /var/www/cipkg.example.com/packages/` and
+  `chmod 750 /var/www/cipkg.example.com/packages/`
+
+## Ci server: add a sync target
+
+TODO
+
+In the config of CI web server add a sync target. Use
+
+* the deployment user as ssh
+* the fqdn as hostname
+* the defined *packagedir* in your inc_config.php as target directory
diff --git a/docs/20_Usage.md b/docs/20_Usage.md
new file mode 100644
index 0000000000000000000000000000000000000000..561641bf0614788e4c2285b2dbff5df48eb48e39
--- /dev/null
+++ b/docs/20_Usage.md
@@ -0,0 +1,35 @@
+## Getting files
+
+An example client to access files from this package server is available
+as bash script (using curl).
+
+See deployment project <https://git-repo.iml.unibe.ch/iml-open-source/imldeployment-client>
+
+The download script is bin/getfile.sh.
+
+## How does it work?
+
+TODO: needs to be completed.
+
+Each request to localhost/packages/ is secured.
+
+A request will be rejected in the following cases:
+
+* no authentication was used
+* a wrong authentication was used
+* an old timestamp was used (maybe the time on client or server are not synced)
+* a hashed key was used twice
+
+If a request was OK the file will be delivered.
+
+Possible GET requests are:
+
+* show names of phases (preview|stage|live) (1)
+* show products (1)
+* show files of a product (1)
+* get a single file
+
+(1) only if *showdircontent* is set to true.
+
+If a valid request came in then the hash will be written to `[approot]/tmp/used_hashes.txt`.
+This file will be cleaned up if reaching the defined file size with value of *maxlockfilesize*.
diff --git a/docs/_index.md b/docs/_index.md
new file mode 100644
index 0000000000000000000000000000000000000000..a0766e332bd6a7a0840e2e65ef2cdac8d41df244
--- /dev/null
+++ b/docs/_index.md
@@ -0,0 +1,51 @@
+# CI Package Server
+
+A sattelite system of the CI server to deliver built packages in other
+networks. The file access is protected with a dynamic authorization to
+prevent public access.
+
+An example client was coded in Bash (using curl)
+
+SOURCE https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg
+
+DOCS: https://os-docs.iml.unibe.ch/ci-pkg/
+
+```mermaid
+graph LR
+    CI(CI<br>deployment<br>web gui) --> |Build| PkgDir 
+    PkgDir[Package<br>dir]
+
+    PkgDir --> |rsync| Pkg1
+    PkgDir --> |rsync| Pkg2
+    PkgDir --> |rsync| Pkg3
+
+    subgraph Package server
+        Pkg1
+    end
+
+    Pkg1(CI package<br>server 1) --> |secure<br>download| DeployClient
+    Pkg2(CI package<br>server N)
+    Pkg3(Puppet master)
+
+
+    DeployClient --> |installs| ApplicationA(Application A)
+    DeployClient --> |installs| ApplicationB(Application B)
+
+```
+
+This project is related to
+
+* CI deployment web gui https://git-repo.iml.unibe.ch/iml-open-source/imldeployment
+* Deployment client https://git-repo.iml.unibe.ch/iml-open-source/imldeployment-client
+
+## License
+
+GNU GPL 3.0
+
+## Requirements
+
+* Webserver with xsentfile module
+* PHP 8
+* Set filepath to [approot]/packages
+* Rewrite rule for [ur]/packages/
+* an account to receive packages from ci server with ssh
diff --git a/docs/config.json b/docs/config.json
new file mode 100644
index 0000000000000000000000000000000000000000..fd1cd9841706bcb62abeffb64d829461445d8bd8
--- /dev/null
+++ b/docs/config.json
@@ -0,0 +1,25 @@
+{
+    "title": "CI Package server",
+    "author": "Axel Hahn",
+    "tagline": "Package server for secure downloads.",
+    "ignore": {
+        "files": ["30_PHP-client/Plugins/Checks/_skeleton.md"],
+        "folders": ["99_Not_Ready"]
+    },
+    "html": {
+        "auto_toc": true,
+        "auto_landing": false,
+        "date_modified": false,
+        "jump_buttons": true,
+        "edit_on_github_": "iml-it/__PROJECT__/tree/master/docs",
+        "edit_on": {
+            "name": "Gitlab",
+            "basepath": "https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg/tree/master/docs"
+        },
+        "links": {
+            "Git Repo": "https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg.git"
+        },
+        "theme": "daux-blue",
+        "search": true
+    }
+}
\ No newline at end of file
diff --git a/docs/style.css b/docs/style.css
new file mode 100644
index 0000000000000000000000000000000000000000..1ceb0eb44395361387353e278a5dff3fe935324c
--- /dev/null
+++ b/docs/style.css
@@ -0,0 +1,176 @@
+/*
+
+    patch css elements of daux.io blue theme
+    version 2022-04-22
+
+*/
+
+
+/* ---------- vars ---------- */ 
+
+:root{
+
+    /* background colors */
+    --bg:none;
+    --bg-body: #fff;
+    --bg-navlinkactive:#f4f4f4;
+    --bg-navlinkactive: linear-gradient(-90deg,rgba(0,0,0,0), rgba(40,60,80,0.05) 30%);
+    --bg-pre:#f8f8f8;
+    --bg-toc: #fff;
+
+    /* foreground colors */
+    --color: #234;
+    --navlinkactive:#f33;
+    --title: #aaa;
+
+    --link:#12a;
+    --toclink:rgba(40,60,80,0.8);
+
+    --h1: rgba(40,60,80,0.8);
+    --h1-bottom: 1px solid rgba(40,60,80,0.1);
+    --h2: rgba(40,60,80,0.5);
+    --h3: rgba(40,60,80,0.3);
+
+}
+
+/* ---------- tags ---------- */
+
+a.Brand::before {
+	background: rgb(255,0,51);
+	color: #fff;
+    font-family: arial;
+	font-weight: bold;
+	padding: 0.5em 0.3em;
+	content: 'IML';
+    margin-right: 0.4em;
+}
+
+body, *{color: var(--color);}
+body{background: var(--bg-body);}
+
+
+a{color: var(--link);}
+a:hover{opacity: 0.7;}
+
+h1>a{ color:var(--title);}
+_h1:nth-child(1){position: fixed; background: var(--bg); box-shadow: 0 0 1em #ccc; padding: 0 1em}
+h1:nth-child(1)>a{ color:var(--navlinkactive); }
+
+.s-content h1{color: var(--h1); font-size: 200%; font-weight:bold; margin-top: 2em; border-bottom: var(--h1-bottom);}
+.s-content h2{color: var(--h2); font-size: 160%; }
+.s-content h3{color: var(--h3); font-size: 140%; }
+.s-content h4{margin: 0; font-size: 100%; text-align: center; background-color: rgba(0,0,0,0.05);padding: 0.3em;}
+
+.s-content pre{
+    background: var(--bg-pre);
+}
+
+/* ---------- classes ---------- */
+
+.required{color:#a42;}
+.optional{color:#888;}
+
+
+/* ----- top left */
+.Brand,
+.Columns__left {
+	background: var(--bg);
+	border-right: 0px solid #e7e7e9;
+    color: var(--color);
+}
+.Brand{font-size: 200%;
+    background_: linear-gradient(-10deg,#fff 50%, #ddd);
+    background: var(--bg);
+}
+.Columns__right__content {
+	background: var(--bg);
+}
+
+/* ----- Navi left */
+
+.Nav a:hover{
+    background: none;
+    color: var(--navlinkactive) !important;
+}
+
+.Nav__item--active {
+    border-right_: 0.3em solid var(--navlinkactive);
+}
+.Nav__item--active > a{
+	background: var(--bg-navlinkactive);
+    color: var(--navlinkactive);
+}
+.Nav .Nav .Nav__item--active a {
+    color: var(--navlinkactive);
+}
+.Nav .Nav .Nav__item a {
+	opacity: 1;
+}
+.Nav__item--open > a {
+	background-color: var(--bg);
+}
+
+.Nav a[href*="__Welcome"]{
+    background: url("/icons/house.png") no-repeat 10px 4px ;
+    padding-left: 40px;
+}
+.Nav a[href*="__How_does_it_work"]{
+    background: url("/icons/light-bulb.png") no-repeat 10px 4px ;
+    padding-left: 40px;
+}
+
+
+
+
+/* ---------- classes ---------- */
+
+/* FIX smaller fnt size in tables */
+.s-content table {
+	font-size: 1em;
+}
+
+
+/* TOC */
+@media(min-width:1700px){
+    .TableOfContentsContainer{
+        position: fixed;
+        right: 2em;
+        top: 1em;
+    }
+}
+
+.TableOfContentsContainer{
+    border-top-left-radius: 1em;
+    background-color: var(--bg-toc);
+	border-left: 2px solid rgba(0,0,0,0.05);
+    padding: 0em;
+}
+.TableOfContentsContainer__content {
+
+	border: none;
+	font-size: 0.5em;
+
+}
+ul.TableOfContents ul{
+	list-style-type: none;
+    padding-left: 1em;
+}
+.TableOfContentsContainer a{ color:var(--toclink);}
+
+.TableOfContentsContainer__content > .TableOfContents > li + li {
+	border-top: none;
+}
+.TableOfContentsContainer__content > .TableOfContents > li {
+	border-bottom: 1px dashed #ddd;
+}
+
+/* pager - prev .. next */
+.s-content{
+    margin-bottom: 6em;
+}
+.Pager{
+    border-top: 1px dashed #aaa; margin: 0; padding: 1em;
+}
+.Pager a{
+    color:var(--navlinkactive);
+}
diff --git a/readme.md b/readme.md
index 0d58d572d43a8096467713fc61111fc8f0ee0983..3d7c6d6adba424b37df911aafe0388a3bfea7e25 100644
--- a/readme.md
+++ b/readme.md
@@ -4,94 +4,18 @@ A sattelite system of the CI server to deliver built packages in other
 networks. The file access is protected with a dynamic authorization to
 prevent public access.
 
-An example client was coded in Bash (using curl) 
-
-SOURCE https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg
-
-## License
-
-GNU GPL 3.0
-
-## Requirements
-
-* Webserver with xsentfile module
-* Set filepath to [approot]/packages
-* Rewrite rule for [ur]/packages/
-* an account to receive packages from ci server with ssh
-
-## Installation on server
-
-### Xsentfile module
-
-On Apache Webserver install xsendfile module.
-
-i.e. on CentOS
-
-`yum install mod_xsendfile`
-
-### Configuration of vhost
-
-In the Apache vhost for cipkg server set the XSendFilePath - it is an absolute
-path on your websever.
-
-Redirect all requests to /packages/[whatever] to /packages/index.php
+An example client was coded in Bash (using curl).
 
+This project is related to
 
-Example snippet
+* CI deployment web gui https://git-repo.iml.unibe.ch/iml-open-source/imldeployment
+* Deployment client https://git-repo.iml.unibe.ch/iml-open-source/imldeployment-client
 
-```text
-
-    XSendFile On
-    XSendFilePath "/var/www/cipkg.example.com/packages/"
-
-    <Location "/packages">
-
-        RewriteEngine on
-        RewriteCond %{REQUEST_FILENAME} !-f
-        RewriteRule ^(.*)$ index.php [QSA,L]
-
-    </Location>
-```
-
-### Configuration of secret on server
-
-if [approot]/public_html/ copy inc_config.php.dist to inc_config.php.dist.
-set a secret behind key apikey.
-
-```php
-return array(
-    // define a secret aka pi key
-    'apikey'=>'our-package-server-secret',
-    
-    // local directory of synched ci packages
-    'packagedir'=>dirname(__DIR__).'/packages',
-
-    // allow directory listing when accessing a path of a package
-    'showdircontent'=>true,
-);
-```
-
-### Prepare receive of packages
-
-* Create an deployment account package server that can be used to be connected 
-  via SSH by the ci server
-* add the public key of www-data of the ci server into
-  /home/deployment/.ssh/authorized keys
-* Set permissions that the deployment user can write into
-  /var/www/cipkg.example.com/packages/
-  and the user of the webeservice can read it 
-  `chown deployment:apache /var/www/cipkg.example.com/packages/` and
-  `chmod 750 /var/www/cipkg.example.com/packages/`
-
-## Ci server: add a sync target
-
-TODO
-
-## Getting files
+SOURCE https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg
 
-An example client to access files from this package server is available
-as bash script (using curl).
+You can read the docs online: https://os-docs.iml.unibe.ch/ci-pkg/
+Or have a look to the [docs](docs/) subdirectory.
 
-See deployment project <https://git-repo.iml.unibe.ch/iml-open-source/imldeployment-client>
+## License
 
-The download script is bin/getfile.sh.
\ No newline at end of file
+GNU GPL 3.0