diff --git a/.env.sample b/.env.sample
index 39cc22d..9815866 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,8 +1,60 @@
 TYPE=wireguard-ui
 DOMAIN=wireguard-ui.example.com
-
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.wireguard-ui.example.com`'
-
 LETS_ENCRYPT_ENV=production
+
+##
+## Please check https://github.com/ngoduykhanh/wireguard-ui for up-to-date information regarding default values and environment variables
+
+#BASE_PATH
+#BIND_ADDRESS # default: 0.0.0.0:80
+#SUBNET_RANGES
+
+#SESSION_MAX_DURATION # Non-refreshed session is valid for 7 days max, regardless of this setting. default: 90 days
+WGUI_USERNAME=admin # The username for the login page. Used for db initialization only
+
+#WGUI_ENDPOINT_ADDRESS
+#WGUI_FAVICON_FILE_PATH
+
+#WGUI_DNS
+#WGUI_MTU
+#WGUI_PERSISTENT_KEEPALIVE
+#WGUI_FIREWALL_MARK
+#WGUI_TABLE
+#WGUI_CONFIG_FILE_PATH
+#WGUI_LOG_LEVEL
+#WG_CONF_TEMPLATE
+
+##
+## SMTP/SendGrid configuration
+
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+#EMAIL_FROM_ADDRESS
+#EMAIL_FROM_NAME # default: Wireguard UI
+#SMTP_HOSTNAME # default: 127.0.0.1
+#SMTP_PORT # default: 25
+#SMTP_USERNAME
+#SMTP_AUTH_TYPE # options: PLAIN, LOGIN, NONE
+#SMTP_ENCRYPTION # options: NONE, SSL, SSLTLS, TLS, STARTTLS
+#SMTP_HELO # smtp-relay.gmail.com needs this set to anything but localhost default: localhost
+
+#SENDGRID_API_KEY
+#SENDGRID_API_KEY_FILE
+
+##
+## Telegram bot information for sending configs to Telegram accounts
+
+#TELEGRAM_TOKEN
+#TELEGRAM_ALLOW_CONF_REQUEST
+#TELEGRAM_FLOOD_WAIT
+
+#WGUI_SERVER_INTERFACE_ADDRESSES # default: 10.252.1.0/24
+#WGUI_SERVER_LISTEN_PORT # default: 51820
+#WGUI_SERVER_POST_UP_SCRIPT
+#WGUI_SERVER_POST_DOWN_SCRIPT
+#WGUI_DEFAULT_CLIENT_ALLOWED_IPS # default: 0.0.0.0/0
+#WGUI_DEFAULT_CLIENT_EXTRA_ALLOWED_IPS
+#WGUI_DEFAULT_CLIENT_USE_SERVER_DNS # default: true
+#WGUI_DEFAULT_CLIENT_ENABLE_AFTER_CREATION # default: true
diff --git a/README.md b/README.md
index b45b4d0..2c8152c 100644
--- a/README.md
+++ b/README.md
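Review bot: `WGUI_USERNAME=admin` and the commented settings added to .env.sample do not appear to reach the container, because the new `environment:` list in compose.yml drops `- WGUI_USERNAME=admin` and forwards only `BIND_ADDRESS`, the two `WGUI_MANAGE_*` flags and the two `*_FILE` paths. Unless the deployment injects `.env` into the service some other way, an operator who sets `SESSION_MAX_DURATION` or `WGUI_DEFAULT_CLIENT_ALLOWED_IPS` here silently gets the image defaults instead. Either list each supported variable by name in compose.yml, for example `- WGUI_USERNAME` and `- SESSION_MAX_DURATION`, or add a comment above this block such as `## Only variables listed under environment: in compose.yml reach the container`.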
@@ -6,10 +6,10 @@
 * **Category**: Apps
 * **Status**: 0
-* **Image**: [`wireguard-ui`](https://hub.docker.com/r/linuxserver/wireguard), 4, upstream
-* **Healthcheck**: No
+* **Image**: [`wireguard-ui`](https://hub.docker.com/r/ngoduykhanh/wireguard-ui), 4, upstream
+* **Healthcheck**: Yes
 * **Backups**: No
-* **Email**: No
+* **Email**: Yes
 * **Tests**: No
 * **SSO**: No
diff --git a/compose.smtp.yml b/compose.smtp.yml
new file mode 100644
index 0000000..ff667cd
--- /dev/null
+++ b/compose.smtp.yml
@@ -0,0 +1,19 @@
+services:
+ app:
+ secrets:
+ - smtp_password
+ environment:
+ - EMAIL_FROM_ADDRESS
+ - EMAIL_FROM_NAME
+ - SMTP_HOSTNAME
+ - SMTP_PORT
+ - SMTP_USERNAME
+ - SMTP_PASSWORD_FILE=/run/secrets/smtp_password
+ - MAIL_AUTH_TYPE
+ - MAIL_ENCRYPTION
+ - SMTP_HELO
+
+secrets:
+ smtp_password:
+ external: true
+ name: ${STACK_NAME}_smtp_password
diff --git a/compose.yml b/compose.yml
index 5c0dcd2..2598984 100644
--- a/compose.yml
+++ b/compose.yml
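Review bot: The pass-through names `MAIL_AUTH_TYPE` and `MAIL_ENCRYPTION` in compose.smtp.yml do not match the `SMTP_AUTH_TYPE` and `SMTP_ENCRYPTION` settings that this commit documents in .env.sample, so a value set under the documented name is never handed to the container. For a mail relay this matters: a requested `STARTTLS` or `SSLTLS` would be dropped without an error, and the SMTP password would travel over whatever the image uses by default. I would change the two entries to `- SMTP_AUTH_TYPE` and `- SMTP_ENCRYPTION`, after confirming against the upstream README which spelling version 0.6.2 reads.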
@@ -1,37 +1,59 @@
 services:
 wireguard:
 image: linuxserver/wireguard:latest
- container_name: wireguard
+ restart: unless-stopped
 cap_add:
 - NET_ADMIN
 volumes:
- - ./config:/config
+ - wgconfig:/config
 ports:
- - "5000:5000"
 - "51820:51820/udp"
- wireguard-ui:
- image: ngoduykhanh/wireguard-ui:latest
- container_name: wireguard-ui
+ app:
+ image: ngoduykhanh/wireguard-ui:0.6.2
+ networks:
+ - proxy
+ restart: unless-stopped
 depends_on:
 - wireguard
 cap_add:
 - NET_ADMIN
 network_mode: service:wireguard
+ secrets:
+ - session_secret
+ - admin_password
 environment:
- - SENDGRID_API_KEY
- - EMAIL_FROM_ADDRESS
- - EMAIL_FROM_NAME
- - SESSION_SECRET
- - WGUI_USERNAME=admin
- - WGUI_PASSWORD=admin
- - WG_CONF_TEMPLATE
+ - BIND_ADDRESS=0.0.0.0:80
 - WGUI_MANAGE_START=true
 - WGUI_MANAGE_RESTART=true
+ - SESSION_SECRET_FILE=/run/secrets/session_secret
+ - WGUI_PASSWORD_FILE=/run/secrets/admin_password
 logging:
 driver: json-file
 options:
 max-size: 50m
 volumes:
- - ./db:/app/db
- - ./config:/etc/wireguard
+ - wguidb:/app/db
+ - wguiconfig:/etc/wireguard
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+ - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+ - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+ - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ - "coop-cloud.${STACK_NAME}.version=0.6.2"
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost"]
+ interval: 30s
+ timeout: 10s
+ retries: 10
+ start_period: 1m
+
+networks:
+ proxy:
+ external: true
+
+volumes:
+ wgconfig:
+ wguiconfig:
+ wguidb:
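Review bot: The `app` service now lists `session_secret` and `admin_password` under `secrets:`, but the new compose.yml ends with only `networks:` and `volumes:` at the top level, so neither secret is declared and the deploy should fail on an undefined secret (the hunk ends on added lines, which puts it at the end of the file). compose.smtp.yml in the same commit shows the declaration pattern; the block below mirrors it, and the external secret names are my assumption. Separately, `networks: - proxy` is added next to the existing `network_mode: service:wireguard`; Compose rejects a service that sets both and swarm ignores `network_mode`, so it is worth settling which attachment is intended before Traefik is pointed at port 80.

```yaml
# … unchanged: services, networks and volumes …

secrets:
  session_secret:
    external: true
    name: ${STACK_NAME}_session_secret
  admin_password:
    external: true
    name: ${STACK_NAME}_admin_password
```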