diff --git a/.env-example b/.env-example
index a8455bd..c258419 100644
--- a/.env-example
+++ b/.env-example
@@ -1,2 +1,3 @@
 POSTGRES_DATA_DIR=
-POSTGRES_PASSWORD=
\ No newline at end of file
+POSTGRES_PASSWORD=
+BASE_IMAGE=
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 8c68bb1..c529246 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,6 @@
 FROM ubuntu:22.04
 LABEL maintainer="datapunt@amsterdam.nl"
 ARG DEBIAN_FRONTEND=noninteractive
-ENV TZ="Europe/Amsterdam"
-
 RUN apt-get update -y \
     && apt-get install -y --no-install-recommends \
         apache2 \
@@ -10,6 +8,7 @@ RUN apt-get update -y \
         curl \
         gdal-bin \
         gdal-data \
+        gosu \
         mapserver-bin \
         python3-pip \
         wget \
@@ -38,5 +37,4 @@ RUN rm -rf /srv/mapserver/private
 
 EXPOSE 8080
 
-USER www-data
 CMD /bin/docker-entrypoint.sh
\ No newline at end of file
diff --git a/Dockerfile.topografie b/Dockerfile.topografie
index 7c55c3d..a689fd9 100644
--- a/Dockerfile.topografie
+++ b/Dockerfile.topografie
@@ -2,7 +2,10 @@ ARG BASE_IMAGE
 
 FROM ${BASE_IMAGE}
 
+USER root
 # Copy referentiekaarten mapfiles into the root dir so they will be served
 
 RUN rm -rf /srv/mapserver/private
 COPY /referentiekaarten/ /srv/mapserver/
+RUN chown -R 999:999 /srv/ && chown -R 999:999 /etc/apache2/
+USER www-data
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
index fef04d9..17a8063 100644
--- a/compose.yml
+++ b/compose.yml
@@ -40,7 +40,7 @@ services:
     build:
       context: .
     ports:
-      - "8383:80"
+      - "8383:8080"
     environment:
       # Used by apache to allow complete access for local dev
       LOCAL: "true"
@@ -55,8 +55,8 @@ services:
       DATASERVICES_DB_PASSWORD_PATH: insecure
       DATASERVICES_DB_HOST: database
 
-      MAP_URL: "http://map"
-      LEGEND_URL: "http://map"
+      MAP_URL: "http://localhost:8383"
+      LEGEND_URL: "http://localhost:8383"
 
     volumes:
       - .:/srv/mapserver/
@@ -65,8 +65,10 @@ services:
     build:
       context: .
       dockerfile: Dockerfile.private
+      args:
+        BASE_IMAGE: ${BASE_IMAGE}
     ports:
-      - "8384:80"
+      - "8384:8080"
     environment:
       # Used by apache to allow complete access for local dev
       LOCAL: "true"
@@ -81,8 +83,8 @@ services:
       DATASERVICES_DB_PASSWORD_PATH: insecure
       DATASERVICES_DB_HOST: database
 
-      MAP_URL: "http://map"
-      LEGEND_URL: "http://map"
+      MAP_URL: "http://localhost:8383"
+      LEGEND_URL: "http://localhost:8383"
 
     volumes:
       - ./tools/:/srv/mapserver/tools/
@@ -95,8 +97,10 @@ services:
     build:
       context: .
       dockerfile: Dockerfile.topografie
+      args:
+        BASE_IMAGE: ${BASE_IMAGE}
     ports:
-      - "8385:80"
+      - "8385:8080"
     environment:
       # Used by apache to allow complete access for local dev
       LOCAL: "true"
@@ -111,8 +115,8 @@ services:
       DATASERVICES_DB_PASSWORD_PATH: insecure
       DATASERVICES_DB_HOST: database
 
-      MAP_URL: "http://map"
-      LEGEND_URL: "http://map"
+      MAP_URL: "http://localhost:8383"
+      LEGEND_URL: "http://localhost:8383"
 
     volumes:
       - ./tools/:/srv/mapserver/tools/
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index de7f684..b335b60 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@@ -27,6 +27,8 @@ CONNECTION "host=${DATASERVICES_DB_HOST} dbname=${DATASERVICES_DB_NAME} user=${D
 PROCESSING "CLOSE_CONNECTION=DEFER"
 EOF
 
+gosu www-data bash
+
 # Configure apache to redirect errors to stderr.
 # The mapserver will redirect errors to apache errorstream (see header.inc and private/header.inc)
 # and apache will then redirect this to stderr, which will then be redirected to syslog/kibana.