diff --git a/compose.yml b/compose.yml
index bbcb0a4..cafc2f0 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,5 +1,6 @@
 name: traefik_secure
 services:
+
 socket-proxy:
 image: dockerproxy
 build:
@@ -10,8 +11,14 @@ services:
 - 8000:8000
 networks:
 - traefik
+ - socket_proxy
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
 restart: unless-stopped
 environment:
 - ALLOWED_NETWORKS=traefik_secure_traefik
@@ -39,6 +46,7 @@ services:
 - "8080:8080"
 networks:
 - traefik
+ - socket_proxy
 depends_on:
 - socket-proxy
 restart: unless-stopped
@@ -51,4 +59,8 @@ services:
 - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
 - "traefik.http.routers.whoami.entrypoints=web"
 networks:
- traefik:
+ traefik: {}
+ socket_proxy:
+ driver: bridge
+ internal: true
+ enable_ipv6: false
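Review bot: In the second hunk the socket-proxy service joins the new `socket_proxy` network but keeps `- traefik` in its `networks:` list, appears to keep the `8000:8000` host port mapping, and still sets `ALLOWED_NETWORKS=traefik_secure_traefik`, so the Docker API proxy stays reachable from the routed network and from the host port. If `ALLOWED_NETWORKS` is the proxy's client-network allowlist (inferred from the name; the image is built locally and its code is not in the diff), the new network only isolates anything once the service is attached to `socket_proxy` alone and the value becomes `ALLOWED_NETWORKS=traefik_secure_socket_proxy`. The `:ro` flag on the `/var/run/docker.sock` mount does not limit which API calls pass through the socket, so the proxy's own filtering and the network membership are the real controls here. With `read_only: true`, confirm the proxy writes nothing at runtime, or add a `tmpfs:` entry for the paths it needs. The service definition starts and ends outside the hunk, and the same attachment question applies to the traefik service in the third hunk, which can now reach `socket-proxy` over either network.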
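Review bot: The `socket_proxy` network definition added in the last hunk has no comment saying what it is for, and its protection depends entirely on which services are attached to it. `internal: true` removes routing to and from outside the host, but every container that joins the network can still reach the proxy, so a line such as `# Docker API proxy traffic only: attach socket-proxy and traefik, nothing else` above `socket_proxy:` would keep later edits from widening it. `enable_ipv6: false` normally restates the default and can be dropped unless it is meant as an explicit guard, in which case the comment should say so.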