diff --git a/compose.oidc.yml b/compose.oidc.yml
index 7700cab..154a9db 100644
--- a/compose.oidc.yml
+++ b/compose.oidc.yml
@@ -4,16 +4,12 @@ version: "3.8"
 services:
 app:
 environment:
- # - PENPOT_OIDC_CLIENT_ID
- - PENPOT_GITHUB_CLIENT_ID=af6c1b2e4709ede26aa8
+ - PENPOT_OIDC_CLIENT_ID
 penpot-backend:
 environment:
- # - PENPOT_OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
- # - PENPOT_OIDC_CLIENT_ID
- # - PENPOT_OIDC_BASE_URI
- # - PENPOT_OIDC_CLIENT_SECRET=cdbafaf5-eec7-424d-8449-4393481cba2a
- - PENPOT_GITHUB_CLIENT_ID=af6c1b2e4709ede26aa8
- - PENPOT_GITHUB_CLIENT_SECRET=a4faabb76fb5e1916328498af202fe85a81873fd
+ - PENPOT_OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
+ - PENPOT_OIDC_CLIENT_ID
+ - PENPOT_OIDC_BASE_URI
 secrets:
 - oidc_client_secret
diff --git a/compose.yml b/compose.yml
index 1428b94..b828604 100644
--- a/compose.yml
+++ b/compose.yml
@@ -18,6 +18,7 @@ x-environment:
 - PENPOT_SMTP_USERNAME
 - PENPOT_SMTP_TLS
 - PENPOT_SMTP_SSL
+ - PENPOT_PUBLIC_URI=https://${DOMAIN}
 services:
 app:
@@ -31,13 +32,8 @@ services:
 - penpot-backend
 - penpot-exporter
 environment: *default-env
- entrypoint: /entrypoint.override.sh
 secrets:
 - db_password
- configs:
- - source: app_entrypoint
- target: /entrypoint.override.sh
- mode: 0555
 deploy:
 restart_policy:
 condition: on-failure
diff --git a/entrypoint-app.sh b/entrypoint-app.sh
deleted file mode 100644
index a4470a3..0000000
--- a/entrypoint-app.sh
+++ /dev/null
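Review bot: The GitHub OAuth client secret and the commented-out OIDC client secret on the removed lines of compose.oidc.yml stay readable in the repository history after this change, so both should be revoked and reissued at the provider rather than treated as cleaned up. On the new side, `PENPOT_OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret` only takes effect if something in the penpot-backend container reads that file into `PENPOT_OIDC_CLIENT_SECRET`. No such wrapper is visible in this hunk, and the same commit deletes the `file_env` loader in entrypoint-app.sh. Once the consumer is confirmed, a comment above the line such as `# read into PENPOT_OIDC_CLIENT_SECRET by the backend entrypoint` would record that dependency.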
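Review bot: `PENPOT_PUBLIC_URI=https://${DOMAIN}` in the first compose.yml hunk is interpolated at deploy time with no guard, so an unset or empty `DOMAIN` yields the value `https://` instead of stopping the deploy. Writing it as `- PENPOT_PUBLIC_URI=https://${DOMAIN:?DOMAIN must be set}` fails early with a clear message. The other entries in this list are bare pass-through names, so this is the only one whose value depends on the deploy-time environment. The list presumably feeds the `*default-env` alias used in the next hunk, in which case a wrong value reaches every service that references it.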
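Review bot: The `app` service still lists `secrets: - db_password` on the context lines of the second compose.yml hunk, although the entrypoint override is removed and the deleted entrypoint-app.sh held the only visible code that read a secret file into `PENPOT_DATABASE_PASSWORD`. Judging by the nginx command in that script, `app` is the frontend, so if nothing else in the container consumes the secret, the `secrets:` entry should be dropped from `app` to keep the database password out of it. The top-level `configs:` definition of `app_entrypoint` lies outside the hunk. If it still points at the deleted script the stack will probably fail to deploy, so it should be removed in the same commit.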
@@ -1,44 +0,0 @@
-#!/usr/bin/env bash
-
-file_env() {
- # 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
- # https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
-
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- export "$var"="$val"
- unset "$fileVar"
-}
-
-load_vars() {
- file_env "PENPOT_DATABASE_PASSWORD"
- file_env "PENPOT_SMTP_PASSWORD"
- file_env "PENPOT_LDAP_BIND_PASSWORD"
- file_env "PENPOT_GOOGLE_CLIENT_SECRET"
- file_env "PENPOT_GITHUB_CLIENT_SECRET"
- file_env "PENPOT_GITLAB_CLIENT_SECRET"
- file_env "PENPOT_OIDC_CLIENT_SECRET"
-}
-
-main() {
- set -eu
-
- load_vars
-}
-
-main
-
-# 3wc: upstream ENTRYPOINT
-# https://github.com/penpot/penpot/blob/develop/docker/images/Dockerfile.frontend
-/docker-entrypoint.sh nginx -g "daemon off;"