diff --git a/docker-compose.yml b/docker-compose.yml
index 8f255fa..2f539a6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,7 +8,6 @@ services:
 - ./data/nginx-terminate/nginx.conf:/etc/nginx/nginx.conf:Z
 - ./data/certbot/conf:/etc/letsencrypt:Z
 - ./data/certbot/www:/var/www/certbot:Z
- read_only: true
 ports:
 - "443:443"
 - "80:80"
@@ -19,21 +18,20 @@ services:
 cap_add:
 - CAP_NET_BIND_SERVICE
 - CHOWN
- tmpfs:
- - /var/run:size=50M,mode=0770,noexec,nosuid,nodev
- - /var/cache/nginx:size=50M,mode=0770,noexec,nosuid,nodev
+ - SETUID
+ - SETGID
 nginx-relay:
 image: nginx:alpine
 restart: unless-stopped
 volumes:
 - ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z
- read_only: true
 security_opt:
 - no-new-privileges:true
 cap_drop:
 - ALL
- tmpfs:
- - /var/run:size=50M,mode=0770,noexec,nosuid,nodev
+ cap_add:
+ - SETUID
+ - SETGID
 certbot:
 image: certbot/certbot
 restart: unless-stopped
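Review bot: With `read_only: true` gone, the service that publishes 443 and 80 runs with a writable root filesystem, and the second hunk drops the same line from nginx-relay. Nothing visible in the diff explains why the root has to be writable. A process that is compromised in either container can now modify files anywhere in the image layer, not only in the bind mounts. If the writable root is deliberate, a comment above `ports:` such as `# rootfs left writable: <reason>` would record the decision; otherwise the line should stay in both services. The service definition starts above this hunk.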
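Review bot: The removed tmpfs entries carried `noexec,nosuid,nodev`, so after this hunk /var/run and /var/cache/nginx sit on the container's writable layer without those mount flags, in the same change that adds SETUID and SETGID to both services. The two capabilities do not depend on a writable root, so the tmpfs lines could stay. If the mounts were dropped because the nginx worker user could not write to a root-owned `mode=0770` directory, setting the owner on the mount (`uid=<nginx uid>,gid=<nginx gid>`, placeholder values) is narrower than removing it. A comment above each `cap_add`, such as `# SETUID/SETGID: nginx master switches workers to the unprivileged user`, would record why the capabilities are granted; that rationale is my inference, not something the diff states. The first service's definition begins above the hunk.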