diff --git a/templates/docker-compose.yml b/templates/docker-compose.yml
index d76a60a..b702f78 100644
--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
@@ -9,7 +9,7 @@ services:
       - "80:80"     # The HTTP port
       - "443:443"   # The HTTPS port
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./volumes/traefik/acme.json:/etc/acme.json
       - ./traefik.toml:/traefik.toml
     depends_on:
@@ -28,9 +28,9 @@ services:
     volumes:
       - ./nginx.conf:/etc/nginx/nginx.conf
     labels:
-      traefik.enable: "true"
-      traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
-      traefik.port: "9000"
+      - traefik.enable=true
+      - traefik.frontend.rule=Host:${PEERTUBE_WEBSERVER_HOSTNAME}
+      - traefik.port=9000
     depends_on:
       - peertube
     restart: "always"
diff --git a/templates/traefik.toml b/templates/traefik.toml
index 0a7884b..532169c 100644
--- a/templates/traefik.toml
+++ b/templates/traefik.toml
@@ -26,13 +26,6 @@ defaultEntryPoints = ["http", "https"]
       "TLS_RSA_WITH_AES_256_GCM_SHA384",
       "TLS_RSA_WITH_AES_256_CBC_SHA"
     ]
-    FrameDeny = false # here we don't want to deny frames since we have an embed
-    STSIncludeSubdomains = true
-    STSSeconds = 315360000
-    STSPreload = true
-    ContentTypeNosniff = true
-    BrowserXssFilter = true
-
 
 # Enable ACME (Let's Encrypt): automatic SSL.
 [acme]
@@ -75,4 +68,6 @@ entryPoint = "https"
   entryPoint = "http"
 
 [docker]
-exposedByDefault = false
+endpoint = "unix:///var/run/docker.sock"
+watch = true
+exposedbydefault = false