diff --git a/compose.oauth.yml b/compose.oauth.yml
index 2afa404..656296d 100644
--- a/compose.oauth.yml
+++ b/compose.oauth.yml
@@ -2,7 +2,7 @@
 version: "3.8"
 
 services:
-  codimd:
+  app:
     environment:
       - CMD_OAUTH2_PROVIDERNAME
       - CMD_OAUTH2_BASEURL
diff --git a/compose.yml b/compose.yml
index 446076a..e069e1f 100644
--- a/compose.yml
+++ b/compose.yml
@@ -2,30 +2,17 @@
 version: "3.8"
 
 services:
-  postgres:
-    image: postgres:11.6-alpine
-    environment:
-      - POSTGRES_USER=codimd
-      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
-      - POSTGRES_DB=codimd
-    volumes:
-      - "postgres:/var/lib/postgresql/data"
-    secrets:
-      - db_password
-    networks:
-      - internal
-
   codimd:
     image: nabo.codimd.dev/hackmdio/hackmd:2.1.0
     environment:
       - CMD_USECDN=false
       - CMD_DB_NAME=codimd
       - CMD_DB_USER=codimd
-      - CMD_DB_HOST=postgres
+      - CMD_DB_HOST=db
       - CMD_DB_PASSWORD_FILE=/run/secrets/db_password
       - CMD_EMAIL  # Email login enabled?
     depends_on:
-      - postgres
+      - db
     networks:
       - proxy
       - internal
@@ -35,8 +22,8 @@ services:
       - db_password
     entrypoint: /docker-entrypoint2.sh
     configs:
-      - source: entrypoint2_conf
-        target: /docker-entrypoint2.sh
+      - source: entrypoint_conf
+        target: /docker-entrypoint.sh
         mode: 0555
     deploy:
       restart_policy:
@@ -49,6 +36,9 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
     healthcheck:
       test: ["CMD", "wget", "-qO", "-", "http://localhost:3000"]
       interval: 30s
@@ -56,6 +46,20 @@ services:
       retries: 10
       start_period: 1m
 
+  db:
+    image: postgres:11.6-alpine
+    environment:
+      - POSTGRES_USER=codimd
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+      - POSTGRES_DB=codimd
+    volumes:
+      - "postgres:/var/lib/postgresql/data"
+    secrets:
+      - db_password
+    networks:
+      - internal
+
+
 volumes:
   postgres:
   codimd_uploads:
@@ -71,7 +75,7 @@ networks:
   internal:
 
 configs:
-  entrypoint2_conf:
-    name: ${STACK_NAME}_entrypoint2_${ENTRYPOINT_CONF_VERSION}
+  entrypoint_conf:
+    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
     file: entrypoint.sh.tmpl
     template_driver: golang
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index e087e67..284d458 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -36,6 +36,7 @@ main
 
 export CMD_DB_URL=postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST/$CMD_DB_NAME
 
+# 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
 if [ ! "${1-}" == "-e" ]; then
 	# 3wc: upstream ENTRYPOINT
 	# https://github.com/hackmdio/codimd/blob/develop/deployments/Dockerfile