diff --git a/docker-compose-inline.yml b/docker-compose-inline.yml
index 92795a424ee9c194be8c4e0017f54a5c115496fe..bb055f082c1015e3c9230bce5216fa25c4b61e45 100644
--- a/docker-compose-inline.yml
+++ b/docker-compose-inline.yml
@@ -12,22 +12,22 @@ services:
           EXPOSE 80
           EXPOSE 53/tcp
           EXPOSE 53/udp
-          ENTRYPOINT ["./gocanary", "--enable-hardening=false", "--enable-https=true", "--autocert-domain=REPLACE_DOMAIN"]
-        #Or for cert.key and cert.pem
-        #ENTRYPOINT ["./gocanary", "--enable-hardening=false", "--enable-https=true"]
-      ports:
-        - "REPLACE_PUBLIC_IP:53:53/udp"
-        - "REPLACE_PUBLIC_IP:53:53/tcp"
-        - "REPLACE_PUBLIC_IP:443:443"
-        - "REPLACE_PUBLIC_IP:80:80"
+          ENTRYPOINT ["./gocanary", "--enable-hardening=false" ]
+      network_mode: "host" #no need to map ports, and bypass default docker firewall
       volumes:
         - ./canary.yaml:/canary/canary.yaml
         - ./config.yaml:/canary/config.yaml
+
         #For let's encrypt certificates
-        - ./cache:/canary/cache
+        #- ./cache:/canary/cache
         #Or use generated certs
         #- ./cert.key:/canary/cert.key
         #- ./cert.pem:/canary/cert.pem
+
+        #Map known certificates
+        #- /etc/ssl:/etc/ssl
+        #Or for redhat derivatives:
+        # - /etc/pki:/etc/pki
       container_name: gocanary
       restart: always
       logging: