diff --git a/deployment/nginx/docker-compose.yaml b/deployment/nginx/docker-compose.yaml
index aee9fca..8fb2e50 100644
--- a/deployment/nginx/docker-compose.yaml
+++ b/deployment/nginx/docker-compose.yaml
@@ -1,21 +1,4 @@
-# Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# You may obtain a copy of the License at
-
-#     http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-##
-## Docker compose file for open-appsec integrated with NGINX
-##
-
-version: "3.9"
+version: "2"
 services:
   appsec-agent:
     image: ghcr.io/openappsec/agent:${APPSEC_VERSION}
@@ -25,38 +8,35 @@ services:
       - LEARNING_HOST=appsec-smartsync
       - TUNING_HOST=appsec-tuning-svc
       - https_proxy=${APPSEC_HTTPS_PROXY}
-      - user_email=${APPSEC_USER_EMAIL}
-      - AGENT_TOKEN=${APPSEC_AGENT_TOKEN}
+      - user_email=${USER_EMAIL}
+    # - AGENT_TOKEN=${APPSEC_AGENT_TOKEN}
       - autoPolicyLoad=${APPSEC_AUTO_POLICY_LOAD}
       - registered_server="NGINX Server"
     ipc: shareable
-    restart: unless-stopped
     volumes:
       - ${APPSEC_CONFIG}:/etc/cp/conf
       - ${APPSEC_DATA}:/etc/cp/data
       - ${APPSEC_LOGS}:/var/log/nano_agent
       - ${APPSEC_LOCALCONFIG}:/ext/appsec
     command: /cp-nano-agent
-    
   appsec-nginx:
     image: ghcr.io/openappsec/nginx-attachment:${APPSEC_VERSION}
     container_name: appsec-nginx
     ipc: service:appsec-agent
-    restart: unless-stopped
-    volumes:
-      - ${NGINX_CONFIG}:/etc/nginx/conf.d
+## when mounting own external nginx config uncomment the two lines below, place the config in {NGINX_CONF_DIR}
+#   volumes:
+#     - ${NGINX_CONF_DIR}:/etc/nginx/conf.d
 
 ## advanced configuration - volume mount for nginx.conf file:
-## To change global instructions it's possible to also mount your own nginx.conf file by uncommenting the line below
-## then specify a desired local folder for NGINX_CONF_FILE in the .env file.
-## In the nginx.conf file make sure to include the line starting with "load_module" which loads the appsec attachment
-## and is included in /etc/nginx/conf.d/nginx.conf file as part of the nginx-attachment container.
+## to change global instructions it's possible to also mount your own nginx.conf file by uncommenting the two lines below
+## make sure to include the line starting with "load_module" which loads the appsec attachment
+## and is included in /etc/nginx/conf.d/nginx.conf file as part of the nginx-attachment container
+## make sure to only have one "volumes:" key
+#   volumes:
 #     - ${NGINX_CONF_FILE}:/etc/nginx/nginx.conf
-
     ports:
       - "80:80"
       - "443:443"
-
   appsec-smartsync:
     profiles:
       - standalone
@@ -64,27 +44,23 @@ services:
     container_name: appsec-smartsync
     environment:
       - SHARED_STORAGE_HOST=appsec-shared-storage
-    restart: unless-stopped
     depends_on:
       - appsec-shared-storage
-
   appsec-shared-storage:
     profiles:
       - standalone
     image: ghcr.io/openappsec/smartsync-shared-files:${APPSEC_VERSION}
     container_name: appsec-shared-storage
     ipc: service:appsec-agent
-    restart: unless-stopped
-## if you do not want to run this container as "root" user you can comment it out and instead run the below command after the deployment
-## docker exec -u root appsec-shared-storage chown -R appuser:appuser /db
+    ## if you do not want to run this container as "root" user you can comment it out and instead run the below command after the deployment
+    ## docker exec -u root appsec-shared-storage chown -R appuser:appuser /db
     user: root
     volumes:
-      - ${APPSEC_SMART_SYNC_STORAGE}:/db:z
+      - ${SMART_SYNC_STORAGE}:/db:z
 ## instead of using local storage for local learning (see line above)
 ## you can also configure central nfs storage by configuring nfs volume (uncomment the relevant section at end of this file)
 ## use a shared nfs storage which is recommended in redundant deployments (uncomment line below, comment out the line above) 
 #     - learning_nfs:/db:z
-
   appsec-tuning-svc:
     profiles:
       - standalone
@@ -92,45 +68,50 @@ services:
     container_name: appsec-tuning-svc
     environment:
       - SHARED_STORAGE_HOST=appsec-shared-storage
-      - QUERY_DB_PASSWORD=${APPSEC_DB_PASSWORD}
-      - QUERY_DB_HOST=${APPSEC_DB_HOST}
-      - QUERY_DB_USER=${APPSEC_DB_USER}
+      - QUERY_DB_PASSWORD=${DB_PASSWORD}
+      - QUERY_DB_HOST=${DB_HOST}
+      - QUERY_DB_USER=${DB_USER}
 ## only relevant when deploying own DB 
 #     - SSLMODE:
-    restart: unless-stopped
     volumes:
       - ${APPSEC_CONFIG}:/etc/cp/conf
     depends_on:
       - appsec-shared-storage
       - appsec-db
-
   appsec-db:
     profiles:
       - standalone
     image: postgres
     container_name: appsec-db
-    restart: unless-stopped
+    restart: always
     environment:
-      - POSTGRES_PASSWORD=${APPSEC_DB_PASSWORD}
-      - POSTGRES_USER=${APPSEC_DB_USER} 
+      - POSTGRES_PASSWORD=${DB_PASSWORD}
+      - POSTGRES_USER=${DB_USER} 
     volumes:
-      - ${APPSEC_POSTGRES_STORAGE}:/var/lib/postgresql/data
+      - ${POSTGRES_STORAGE}:/var/lib/postgresql/data
 
 ## example juice-shop backend container (vulnerable webserver, USE ONLY FOR TESTING AND IN LAB ENV)
-  juiceshop-backend:
-    image: bkimminich/juice-shop:latest
-    container_name: juiceshop-backend
-    profiles:
-      - juiceshop
+##
+## uncomment this block for testing purposes only, make sure to also adjust the nginx.conf file 
+## to include a proxy_pass directive forwarding external traffic on e.g. port 80 to the juiceshop-backend container
+## you can use the example file available here:
+## https://raw.githubusercontent.com/openappsec/openappsec/refs/heads/main/examples/juiceshop/default.conf
+## in the appsec-nginx service definition
+## note that juiceshop container listens on HTTP port 3000 by default
+#
+# juiceshop-backend:
+#   image: bkimminich/juice-shop:latest
+#   container_name: juiceshop-backend
+
 
 ## advanced configuration: learning_nfs volume for nfs storage in shared_storage container
 ##
 ## when configuring nfs storage in shared_storage container configuration above, make sure to also specify learning_nfs volume (see example below for using AWS EFS storage)
-##
-#volumes:
-# learning_nfs:
-#   driver: local
-#   driver_opts:
-#     type: nfs
-#     o: addr=fs-abcdef.efs.eu-west-1.amazonaws.com,rw,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
-#     device: ":/"
+# 
+# volumes:
+#   learning_nfs:
+#     driver: local
+#     driver_opts:
+#       type: nfs
+#       o: addr=fs-abcdef.efs.eu-west-1.amazonaws.com,rw,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
+#       device: ":/"