diff --git a/docker/web/Dockerfile b/docker/web/Dockerfile
index d6eac3e..9e620af 100644
--- a/docker/web/Dockerfile
+++ b/docker/web/Dockerfile
@@ -1,3 +1,3 @@
-FROM nginx
+FROM nginx:alpine
 
 COPY nginx.conf /etc/nginx/nginx.conf
diff --git a/docker/web/nginx.conf b/docker/web/nginx.conf
index 86aa17b..e7e3da4 100644
--- a/docker/web/nginx.conf
+++ b/docker/web/nginx.conf
@@ -1,4 +1,3 @@
-user  www-data;
 worker_processes  1;
 
 error_log  /var/log/nginx/error.log warn;
@@ -25,6 +24,11 @@
 
     keepalive_timeout  65;
 
+    set_real_ip_from  10.0.0.0/8;
+    set_real_ip_from  172.16.0.0/12;
+    set_real_ip_from  192.168.0.0/16;
+    real_ip_header    X-Real-IP;
+
     #gzip  on;
 
     upstream php-handler {
@@ -51,14 +55,7 @@
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
         add_header Referrer-Policy no-referrer;
-        
-        # Remove X-Powered-By, which is an information leak
-        fastcgi_hide_header X-Powered-By;
 
-        # Remove X-Powered-By, which is an information leak
-        fastcgi_hide_header X-Powered-By;
-
-        # Path to the root of your installation
         root /var/www/html;
 
         location = /robots.txt {
@@ -67,6 +64,9 @@
             access_log off;
         }
 
+        # Remove X-Powered-By, which is an information leak
+        fastcgi_hide_header X-Powered-By;
+
         # The following 2 rules are only needed for the user_webfinger app.
         # Uncomment it if you're planning to use this app.
         #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
@@ -97,7 +97,7 @@
         #pagespeed off;
 
         location / {
-            rewrite ^ /index.php$uri;
+            rewrite ^ /index.php$request_uri;
         }
 
         location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
@@ -129,7 +129,7 @@
         # Adding the cache control header for js and css files
         # Make sure it is BELOW the PHP block
         location ~ \.(?:css|js|woff|svg|gif)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463";
             # Add headers to serve security related headers (It is intended to
             # have those duplicated to the ones above)
@@ -155,7 +155,7 @@
         }
 
         location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
-            try_files $uri /index.php$uri$is_args$args;
+            try_files $uri /index.php$request_uri;
             # Optional: Don't log access to other assets
             access_log off;
         }