diff --git a/media/docker-compose.yml b/media/docker-compose.yml
index 8a699df..c4bb361 100644
--- a/media/docker-compose.yml
+++ b/media/docker-compose.yml
@@ -1,20 +1,28 @@
-#docker run -d -v /srv/jellyfin/config:/config -v /srv/jellyfin/cache:/cache -v /media:/media --net=host jellyfin/jellyfin:latest
-
 services:
   jellyfin:
     image: jellyfin/jellyfin:latest
-    # Network mode of 'host' exposes the ports on the host. This is needed for DLNA access.
     network_mode: host
     restart: unless-stopped
-    group_add: # by id as these may not exist within the container. Needed to provide permissions to the VAAPI Devices
+    group_add:
       - '107' #render
       - '44' #video
     volumes:
       - ${VOLUMES_PATH}/jellyfin/config:/config
       - ${VOLUMES_PATH}/jellyfin/cache:/cache
-      - ${SERIEN_PATH}:/mnt/serien
-      - ${FILME_PATH}:/mnt/filme
-      - ${MUSIK_PATH}:/mnt/musik
+      - type: bind
+        source: ${SERIEN_PATH}
+        target: /media/series
+      - type: bind
+        source: ${FILME_PATH}
+        target: /media/movies
+      - type: bind
+        source: ${MUSIK_PATH}
+        target: /media/music
+    environment:
+      - JELLYFIN_PublishedServerUrl=http://jellyfin.${DOMAIN}
+    extra_hosts:
+      - 'host.docker.internal:host-gateway'
+
 #    devices:
 #      # VAAPI Devices
 #      - /dev/dri/renderD128:/dev/dri/renderD128
@@ -24,18 +32,12 @@ services:
       - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
       - "traefik.http.routers.jellyfin.entrypoints=web"
       - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
-      #### The customResponseHeaders option lists the Header names and values to apply to the response.
       - 'traefik.http.middlewares.jellyfin-mw.headers.customResponseHeaders.X-Robots-Tag=noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex'
-      #### Set sslForceHost to true and set SSLHost to forced requests to use SSLHost even the ones that are already using SSL.
-      #### Note that this uses SSLHost verbatim, so add the port to SSLHost if you are using an alternate port.
-      #### Set frameDeny to true to add the X-Frame-Options header with the value of DENY.
       - 'traefik.http.middlewares.jellyfin-mw.headers.frameDeny=true'
-      #### Set contentTypeNosniff to true to add the X-Content-Type-Options header with the value nosniff.
       - 'traefik.http.middlewares.jellyfin-mw.headers.contentTypeNosniff=true'
-      #### Set browserXssFilter to true to add the X-XSS-Protection header with the value 1; mode=block.
+      - 'traefik.http.middlewares.jellyfin-mw.headers.customresponseheaders.X-XSS-PROTECTION=1'
       - 'traefik.http.middlewares.jellyfin-mw.headers.browserXSSFilter=true'
-      #### The customFrameOptionsValue allows the X-Frame-Options header value to be set with a custom value. This
-      #### overrides the FrameDeny option.
       - "traefik.http.middlewares.jellyfin-mw.headers.customFrameOptionsValue='allow-from http://jellyfin.${DOMAIN}'"
+      - "traefik.http.middlewares.jellyfin-mw.headers.customrequestheaders.X-Forwarded-Proto: https"
       - 'traefik.http.routers.jellyfin.middlewares=jellyfin-mw'
       - "docker.group=media"