diff --git a/Dockerfile b/Dockerfile
index a912ce6..d4557d6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,18 +13,11 @@ RUN apt-get update && apt-get install -y \
         python3-pygments lua-inotify wget curl tar make && \
         wget -q -O $pkgname $pkgurl && dpkg -i $pkgname && rm $pkgname
 
-WORKDIR /opt/app
-
-# COPY openresty.source /etc/apt/sources.list.d/
-# RUN cat openresty.source >> /etc/apt/sources.list.d/debian.sources
-# RUN echo "$(cat openresty.source)" >> /etc/apt/sources.list.d/debian.sources
-
 RUN wget -qO - https://openresty.org/package/pubkey.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
     && chown root:root /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
     && chmod ugo+r /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
     && chmod go-w /etc/apt/trusted.gpg.d/openresty-keyring.gpg \
-    && echo "Types: deb\nURIs: https://openresty.org/package/debian\nSuites: bookworm\nComponents: openresty\nEnabled: yes\nSigned-By: /etc/apt/trusted.gpg.d/openresty-keyring.gpg" >> /etc/apt/sources.list.d/debian.sources \
-    && echo "$(cat /etc/apt/sources.list.d/debian.sources)" \
+    && echo "\nTypes: deb\nURIs: https://openresty.org/package/debian\nSuites: bookworm\nComponents: openresty\nEnabled: yes\nSigned-By: /etc/apt/trusted.gpg.d/openresty-keyring.gpg" >> /etc/apt/sources.list.d/debian.sources \
     && DEBIAN_FRONTEND=noninteractive apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         openresty${RESTY_DEB_FLAVOR}${RESTY_DEB_VERSION} \
@@ -38,42 +31,62 @@ RUN wget -qO - https://openresty.org/package/pubkey.gpg | gpg --dearmor > /etc/a
     && ln -sf /dev/stderr /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/logs/error.log
 
 # Install LuaRocks
-# RUN curl -fSL https://luarocks.github.io/luarocks/releases/luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz -o luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \
-#     && tar xzf luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \
-#     && cd luarocks-${RESTY_LUAROCKS_VERSION} \
-#     && mkdir -p /usr/local/openresty/luajit \
-#     && ./configure \
-#         --prefix=/usr/local/openresty/luajit \
-#         --with-lua=/usr/local/openresty/luajit \
-#         --with-lua-include=/usr/local/openresty/luajit/include/luajit-2.1 \
-#     && make build \
-#     && make install \
-#     && cd /tmp \
-#     && rm -rf luarocks-${RESTY_LUAROCKS_VERSION} luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz
+RUN curl -fSL https://luarocks.github.io/luarocks/releases/luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz -o luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \
+    && tar xzf luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \
+    && cd luarocks-${RESTY_LUAROCKS_VERSION} \
+    && mkdir -p /usr/local/openresty/luajit \
+    && ./configure \
+        --prefix=/usr/local/openresty/luajit \
+        --with-lua=/usr/local/openresty/luajit \
+        --with-lua-include=/usr/local/openresty/luajit/include/luajit-2.1 \
+    && make build \
+    && make install \
+    && cd /tmp \
+    && rm -rf luarocks-${RESTY_LUAROCKS_VERSION} luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz
 
-# RUN luarocks install sitegen
+# Add additional binaries into PATH for convenience
+ENV PATH="$PATH:/usr/local/openresty${RESTY_DEB_FLAVOR}/luajit/bin:/usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/sbin:/usr/local/openresty${RESTY_DEB_FLAVOR}/bin"
+
+# Add LuaRocks paths
+# If OpenResty changes, these may need updating:
+#    /usr/local/openresty/bin/resty -e 'print(package.path)'
+#    /usr/local/openresty/bin/resty -e 'print(package.cpath)'
+ENV LUA_PATH="/usr/local/openresty/site/lualib/?.ljbc;/usr/local/openresty/site/lualib/?/init.ljbc;/usr/local/openresty/lualib/?.ljbc;/usr/local/openresty/lualib/?/init.ljbc;/usr/local/openresty/site/lualib/?.lua;/usr/local/openresty/site/lualib/?/init.lua;/usr/local/openresty/lualib/?.lua;/usr/local/openresty/lualib/?/init.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.lua"
+ENV LUA_CPATH="/usr/local/openresty/site/lualib/?.so;/usr/local/openresty/lualib/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so"
+
+WORKDIR /opt/app
+
+# Copy nginx configuration files
+COPY nginx.conf /usr/local/openresty${RESTY_DEB_FLAVOR}/nginx/conf/nginx.conf
+COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf
+
+RUN luarocks install sitegen
 
 # needed for sitegen watcher
-# RUN luarocks install inotify INOTIFY_INCDIR=/usr/include/x86_64-linux-gnu/
+RUN luarocks install inotify INOTIFY_INCDIR=/usr/include/x86_64-linux-gnu/
 
 # needed for testing
-# RUN luarocks install busted
-# RUN luarocks install luajit-curl
-# RUN luarocks install luasocket # needed for testing nginx reverse proxy
+RUN luarocks install busted
+RUN luarocks install luajit-curl
+RUN luarocks install luasocket # needed for testing nginx reverse proxy
 
-# RUN mkdir -p /var/www/certs/miti.sh \
-#     && openssl req -x509 -newkey rsa:4096 -nodes \
-#       -keyout /var/www/certs/miti.sh/privkey.pem \
-#       -out /var/www/certs/miti.sh/fullchain.pem \
-#       -sha256 -days 365 -subj '/CN=miti.sh' \
-#       -addext "subjectAltName=DNS:miti.sh,DNS:git.miti.sh,DNS:apps.miti.sh"
+RUN mkdir -p /var/www/certs/miti.sh \
+    && openssl req -x509 -newkey rsa:4096 -nodes \
+      -keyout /var/www/certs/miti.sh/privkey.pem \
+      -out /var/www/certs/miti.sh/fullchain.pem \
+      -sha256 -days 365 -subj '/CN=miti.sh' \
+      -addext "subjectAltName=DNS:miti.sh,DNS:git.miti.sh,DNS:apps.miti.sh"
 
-# RUN mkdir -p /var/www/certs/webdevcat.me \
-#     && openssl req -x509 -newkey rsa:4096 -nodes \
-#       -keyout /var/www/certs/webdevcat.me/privkey.pem \
-#       -out /var/www/certs/webdevcat.me/fullchain.pem \
-#       -sha256 -days 365 -subj '/CN=webdevcat.me' \
-#       -addext "subjectAltName=DNS:webdevcat.me,DNS:git.webdevcat.me,DNS:apps.webdevcat.me"
+RUN mkdir -p /var/www/certs/webdevcat.me \
+    && openssl req -x509 -newkey rsa:4096 -nodes \
+      -keyout /var/www/certs/webdevcat.me/privkey.pem \
+      -out /var/www/certs/webdevcat.me/fullchain.pem \
+      -sha256 -days 365 -subj '/CN=webdevcat.me' \
+      -addext "subjectAltName=DNS:webdevcat.me,DNS:git.webdevcat.me,DNS:apps.webdevcat.me"
+
+CMD ["sh", "-c", "openresty -p `pwd` -g 'daemon off;'"]
+
+# Use SIGQUIT instead of default SIGTERM to cleanly drain requests
+# See https://github.com/openresty/docker-openresty/blob/master/README.md#tips--pitfalls
+STOPSIGNAL SIGQUIT
 
-# CMD ["sh", "-c", "openresty -p `pwd` -g 'daemon off;'"]
-CMD ["bash"]