diff --git a/Dockerrun.aws.json.production b/Dockerrun.aws.json.production index 439ea7c..656ab55 100644 --- a/Dockerrun.aws.json.production +++ b/Dockerrun.aws.json.production @@ -30,7 +30,7 @@ }, { "name": "server", - "image": "offen/offen:stable@sha256:87b77a8db3a3d09007e3fe01771b0c459873c7716426bc8746b5477045d38447", + "image": "offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc", "essential": true, "memory": 256, "command": ["serve"] diff --git a/Dockerrun.aws.json.staging b/Dockerrun.aws.json.staging index 4640766..eca188f 100644 --- a/Dockerrun.aws.json.staging +++ b/Dockerrun.aws.json.staging @@ -23,7 +23,7 @@ }, { "name": "server", - "image": "offen/offen:latest@sha256:e14297bb6c6e03e282b0ce9d38ba2b987ef2a5de16e8943aaae3c3ca75260427", + "image": "offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc", "essential": true, "memory": 256, "command": ["serve"] diff --git a/Makefile b/Makefile index 36a7a0a..93fa809 100644 --- a/Makefile +++ b/Makefile @@ -14,6 +14,9 @@ setup: dev-build update howto dev-build: @docker-compose build +up: + @docker-compose up + howto: @echo "Successfully built containers and installed dependencies." @echo "If this is your initial setup, you can run 'make bootstrap' next" diff --git a/README.md b/README.md index 7f1511c..ff7036f 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ $ make bootstrap You can test your setup by starting the application: ```sh -$ docker-compose up +$ make up ``` which should enable you to access the homepage at and use the wrapped `auditorium` at diff --git a/docker-compose.yml b/docker-compose.yml index 51e2cf4..8939bc8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
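Review bot: Neither Dockerrun hunk updates any environment configuration, although the digest now pinned for `server` in Dockerrun.aws.json.production (and in the Dockerrun.aws.json.staging hunk after it) is the same one that docker-compose.yml in this commit configures through renamed `OFFEN_*` variables. If the production or staging environment still supplies the old names (`COOKIE_EXCHANGE_SECRET`, `ACCOUNT_USER_EMAIL_SALT`, `SECURE_COOKIE`, `POSTGRES_CONNECTION_STRING`), the new image presumably will not read them. The secrets and the secure-cookie setting should be confirmed under the new names before this digest is deployed. The container definitions continue outside both hunks, so any `environment` entries in these files are not visible here.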
@@ -12,18 +12,19 @@ services: - server server: - image: offen/offen:latest@sha256:e14297bb6c6e03e282b0ce9d38ba2b987ef2a5de16e8943aaae3c3ca75260427 + image: offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc command: serve volumes: - ./bootstrap.yml:/bootstrap.yml + - database:/data environment: - POSTGRES_CONNECTION_STRING: postgres://postgres:develop@server_database:5432/postgres?sslmode=disable - DEVELOPMENT: '1' - PORT: 8080 - COOKIE_EXCHANGE_SECRET: 8jeKYbbnywoYIZznu4HffQ== - EVENT_RETENTION_PERIOD: 4464h - ACCOUNT_USER_EMAIL_SALT: eypctS7SVKM1Ureb61db5Q== - SECURE_COOKIE: 'off' + OFFEN_APP_EVENTRETENTIONPERIOD: 4464h + OFFEN_APP_DEVELOPMENT: '1' + OFFEN_APP_DISABLESECURECOOKIE: '1' + OFFEN_DATABASE_CONNECTIONSTRING: /data/offen.db + OFFEN_SERVER_PORT: 8080 + OFFEN_SECRETS_COOKIEEXCHANGE: 8jeKYbbnywoYIZznu4HffQ== + OFFEN_SECRETS_EMAILSALT: eypctS7SVKM1Ureb61db5Q== depends_on: - server_database @@ -46,3 +47,4 @@ services: volumes: homepagedeps: + database: diff --git a/nginx.conf b/nginx.conf index 6203cc3..15e78b3 100644 --- a/nginx.conf +++ b/nginx.conf @@ -25,11 +25,18 @@ http { server { listen 80; expires $expires; + proxy_hide_header Content-Security-Policy; add_header Content-Security-Policy $csp; + proxy_hide_header Strict-Transport-Security; + add_header Strict-Transport-Security 'max-age=604800; includeSubDomains'; + proxy_hide_header Referrer-Policy; add_header Referrer-Policy 'origin-when-cross-origin'; + proxy_hide_header X-Content-Type-Options; add_header X-Content-Type-Options 'nosniff'; + proxy_hide_header X-XSS-Protection; add_header X-XSS-Protection '1; mode=block'; + location /api/ { proxy_pass http://server; proxy_redirect off;
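Review bot: The renamed `OFFEN_SECRETS_COOKIEEXCHANGE` and `OFFEN_SECRETS_EMAILSALT` entries keep literal secret values in the committed compose file, next to `OFFEN_APP_DISABLESECURECOOKIE: '1'`, and nothing marks them as development-only. I would add a comment above the `environment:` block, such as `# development-only values: generate fresh secrets and keep secure cookies enabled for any deployed instance`. Separately, `OFFEN_DATABASE_CONNECTIONSTRING` now points at a file on the new `database` volume while `depends_on: - server_database` remains as context, so the Postgres dependency looks stale. Confirm that against the rest of the service definition, which lies outside the hunk.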
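Review bot: The new `proxy_hide_header` lines in nginx.conf strip the upstream's header from every proxied response, but the paired `add_header` lines lack `always`, so nginx re-adds them only on its fixed set of success and redirect status codes. A 4xx/5xx response from `/api/` would therefore carry no Content-Security-Policy, Referrer-Policy or X-Content-Type-Options at all. Append `always` to each of the five, e.g. `add_header X-Content-Type-Options 'nosniff' always;`. The added `Strict-Transport-Security` header sits in a `listen 80;` server, so it only takes effect if TLS is terminated in front of nginx, and `includeSubDomains` commits every subdomain to HTTPS for the `max-age` period. The `server` block and `location /api/` continue outside the hunk, and a location that declares its own `add_header` will not inherit the server-level ones.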