diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index e2c3dcc..e29a4f4 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -46,7 +46,7 @@ services:
       - "net"
 
   rproxy:
-    image: bitnami/nginx:1.25
+    image: docker.io/bitnami/nginx:1.25
     restart: always
     volumes:
       - ./reverseproxy.dev.conf:/opt/bitnami/nginx/conf/nginx.conf
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 51aba43..d637c7f 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -45,7 +45,7 @@ services:
       - "net"
 
   rproxy:
-    image: bitnami/nginx:1.25
+    image: docker.io/bitnami/nginx:1.25
     restart: always
     volumes:
       - ./reverseproxy.conf:/opt/bitnami/nginx/conf/nginx.conf
diff --git a/docker-compose.yml b/docker-compose.yml
index ec91052..33d40b5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -43,22 +43,19 @@ services:
       dockerfile: Dockerfile
       context: ./frontend
       target: prod
-    command: "npm run dev"
     # open port 8000
     ports:
       - "8000:8000"
-    volumes:
-      - ./frontend/src:/app/src
 
   rproxy:
-    image: bitnami/nginx:1.25
+    image: docker.io/bitnami/nginx:1.27
     volumes:
       - ./reverseproxy.local.conf:/opt/bitnami/nginx/conf/nginx.conf
     depends_on:
       - htwkalender-data-manager
       - htwkalender-frontend
     ports:
-      - "80:80"
+      - "8080:8080"
 
 volumes:
   pb_data:
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index 5b3a522..ead343c 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -15,7 +15,7 @@
 #along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 # build stage
-FROM node:lts-alpine AS build
+FROM docker.io/node:lts-alpine AS build
 
 WORKDIR /app
 COPY package*.json ./
@@ -24,7 +24,7 @@ COPY / ./
 RUN npm run build
 
 # development stage
-FROM node:lts-alpine AS dev
+FROM docker.io/node:lts-alpine AS dev
 
 WORKDIR /app
 COPY package*.json ./
@@ -33,7 +33,7 @@ COPY . ./
 
 # production stage
 # https://hub.docker.com/r/bitnami/nginx -> always run as non-root user
-FROM bitnami/nginx:1.25 AS prod
+FROM docker.io/bitnami/nginx:1.27 AS prod
 
 # copy build files from build container
 COPY --from=build /app/dist /app
diff --git a/reverseproxy.local.conf b/reverseproxy.local.conf
index 42a12cf..bb05c34 100644
--- a/reverseproxy.local.conf
+++ b/reverseproxy.local.conf
@@ -25,8 +25,8 @@ http {
     limit_req_zone $ratelimit_key zone=createFeed:10m rate=1r/m;
 
     server {
-        listen              80;
-        listen              [::]:80;
+        listen              8080;
+        listen              [::]:8080;
         http2               on;
 
         location /api/feed {
diff --git a/services/data-manager/Dockerfile b/services/data-manager/Dockerfile
index d24ec91..e0c5ded 100644
--- a/services/data-manager/Dockerfile
+++ b/services/data-manager/Dockerfile
@@ -15,7 +15,7 @@
 #along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 # build stage
-FROM golang:alpine AS build
+FROM docker.io/golang:alpine AS build
 
 WORKDIR /htwkalender-data-manager
 
@@ -29,20 +29,19 @@ COPY common/. ./common
 RUN CGO_ENABLED=1 GOOS=linux go build -o /htwkalender-data-manager data-manager/main.go
 
 # production stage
-FROM alpine:3.20.1 AS prod
+FROM docker.io/alpine:3.21 AS prod
 
 WORKDIR /htwkalender-data-manager
 
 ARG USER=ical
 RUN adduser -Ds /bin/sh "$USER" && \
-    chown "$USER":"$USER" ./
-
-USER $USER
-RUN mkdir -p data
+    mkdir -p data && \
+    chown -R "$USER":"$USER" ./
 
 # copies executable from build container
-COPY --chown=$USER:$USER --chmod=644 --from=build /htwkalender-data-manager ./
-RUN chmod +x main
+COPY --chown=$USER:$USER --chmod=744 --from=build /htwkalender-data-manager ./
+
+USER $USER
 
 # Expose port 8090 to the outside world
 EXPOSE 8090
diff --git a/services/ical/Dockerfile b/services/ical/Dockerfile
index 5093bb6..1c04ab9 100644
--- a/services/ical/Dockerfile
+++ b/services/ical/Dockerfile
@@ -15,7 +15,7 @@
 #along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 # build stage
-FROM golang:alpine AS build
+FROM docker.io/golang:alpine AS build
 
 WORKDIR /htwkalender-ical
 
@@ -29,19 +29,19 @@ COPY common/. ./common
 RUN CGO_ENABLED=1 GOOS=linux go build -o /htwkalender-ical ical/main.go
 
 # production stage
-FROM alpine:latest AS prod
+FROM docker.io/alpine:3.21 AS prod
 
 WORKDIR /htwkalender-ical
 
 ARG USER=ical
-RUN adduser -Ds /bin/sh $USER && \
-    chown $USER:$USER ./
-
-USER $USER
-RUN mkdir -p data
+RUN adduser -Ds /bin/sh "$USER" && \
+    mkdir -p data && \
+    chown -R "$USER":"$USER" ./
 
 # copies executable from build container
-COPY --chown=$USER:$USER --from=build /htwkalender-ical ./
+COPY --chown=$USER:$USER --chmod=744 --from=build /htwkalender-ical ./
+
+USER $USER
 
 # Expose port 8091 to the outside world
 EXPOSE 8091