diff --git a/README.md b/README.md
index c7cab1f..1d70bb2 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Signal TLS Proxy
 
-To run a Signal TLS proxy, you will need a host with a domain name that has ports 80 and 443 available.
+To run a Signal TLS proxy, you will need a host that has ports 80 and 443 available and a domain name that points to that host.
 
 1. Install docker and docker-compose (`apt update && apt install docker docker-compose`)
 1. Ensure your current user has access to docker (`adduser $USER docker`)
@@ -9,3 +9,13 @@ To run a Signal TLS proxy, you will need a host with a domain name that has port
 1. `docker-compose up --detach`
 
 Your proxy is now running! You can share this with the URL `https://signal.tube/#<your_host_name>`
+
+## Updating from a previous version
+
+If you've previously run a proxy, please update to the most recent version by pulling the most recent changes from `main`, then restarting your Docker containers:
+
+```shell
+git pull
+docker-compose down
+docker-compose up --detach
+```
diff --git a/data/nginx-terminate/nginx.conf b/data/nginx-terminate/nginx.conf
index 61f0e6a..00a21c7 100644
--- a/data/nginx-terminate/nginx.conf
+++ b/data/nginx-terminate/nginx.conf
@@ -10,7 +10,11 @@ http {
         listen 80;
 
         location /.well-known/acme-challenge/ {
-            root /var/www/certbot;
+            alias /var/www/certbot/;
+        }
+
+        location / {
+            return 404;
         }
     }
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index 0f39164..2110468 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,7 @@ services:
     read_only: true
     ports:
       - "443:443"
+      - "80:80"
     security_opt:
       - no-new-privileges:true
     cap_drop: