diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 7c923a6a59f9..7ef5a85032c2 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -126,7 +126,7 @@ services:
   web_haproxy:
     profiles: [ "ol-www0" ]
     image: haproxy:2.3.5
-    restart: always
+    restart: unless-stopped
     hostname: "$HOSTNAME"
     networks:
       - webnet
@@ -140,7 +140,7 @@ services:
         max-file: "4"
   web_nginx:
     profiles: [ "ol-www0" ]
-    restart: always
+    restart: unless-stopped
     hostname: "ol-www0" # always want this hostname (or nginx backups will be misnamed)
     image: "${OLIMAGE:-openlibrary/olbase:latest}"
     user: root
@@ -150,8 +150,9 @@ services:
     volumes:
       # nginx configurations
       - ./docker/nginx.conf:/etc/nginx/nginx.conf:ro
-      - ../olsystem/etc/nginx/sites-available/default-docker.conf:/etc/nginx/sites-enabled/default:ro
       - ./docker/web_nginx.conf:/etc/nginx/sites-enabled/openlibrary.conf:ro
+      # Needed for HTTPS, since this is a public server
+      - ./docker/public_nginx.conf:/etc/nginx/sites-available/public_nginx.conf:ro
       # archive web log uploads
       - ../olsystem:/olsystem
       # web log rotation
diff --git a/docker/web_nginx.conf b/docker/web_nginx.conf
index 7d4ae609882e..727b919bd12c 100644
--- a/docker/web_nginx.conf
+++ b/docker/web_nginx.conf
@@ -17,8 +17,7 @@ upstream webnodes {
 }
 
 server {
-    listen       80;
-    listen      443;
+    include /etc/nginx/sites-available/public_nginx.conf;
     server_name  openlibrary.org;
 
     # Set the referrer policy so browsers send referrers to our own servers
@@ -88,9 +87,7 @@ server {
 }
 
 server {
-    listen       80;
-    listen       443;
-
+    include /etc/nginx/sites-available/public_nginx.conf;
     server_name www.openlibrary.org *.openlibrary.org;
 
     rewrite ^(.*)$ http://openlibrary.org$1 permanent;