diff --git a/docker-compose.yml b/docker-compose.yml
index 0cd6469..46e099e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,18 +1,46 @@
 services:
   uptime-kuma:
-    image: louislam/uptime-kuma:latest
+    image: louislam/uptime-kuma:2.0.2-rootless
     container_name: uptime-kuma
     restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
     networks:
-     - traefik-net
+      - traefik-net
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.traefik-dashboardraefik-dashboard.rule=Host(`${DOMAIN}`)"
-      - "traefik.http.routers.traefik-dashboardraefik-dashboard.entrypoints=websecure"
-      - "traefik.http.routers.traefik-dashboardraefik-dashboard.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.uptime-kuma.rule=Host(`${DOMAIN}`)"
+      - "traefik.http.routers.uptime-kuma.entrypoints=websecure"
+      - "traefik.http.routers.uptime-kuma.tls.certresolver=letsencrypt"
       - "traefik.http.services.uptime-backend.loadbalancer.server.port=3001"
+      - "traefik.http.middlewares.uptime-security.headers.customFrameOptionsValue=SAMEORIGIN"
+      - "traefik.http.middlewares.uptime-security.headers.contentTypeNosniff=true"
+      - "traefik.http.middlewares.uptime-security.headers.browserXssFilter=true"
+      - "traefik.http.middlewares.uptime-security.headers.referrerPolicy=strict-origin-when-cross-origin"
+      - "traefik.http.routers.uptime-kuma.middlewares=uptime-security"
     volumes:
       - ./data:/app/data
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://localhost:3001 || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 512M
+        reservations:
+          cpus: "0.25"
+          memory: 256M
 
 networks:
   traefik-net: