diff --git a/.env.sample b/.env.sample
index f104582..6b8a695 100644
--- a/.env.sample
+++ b/.env.sample
@@ -10,8 +10,6 @@ DOMAIN=uptime-kuma.example.com
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_DB_ROOT_PASSWORD_VERSION=v1
 
-## Enable mariadb, otherwise sqlite will be used
-#COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
 
-# only for testing branches of uptime-kuma
-#UPTIME_KUMA_GH_REPO=<branch name>
\ No newline at end of file
+## Enable mariadb
+#COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
diff --git a/README.md b/README.md
index d354e31..b57b883 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@
 * **Category**: Utilities
 * **Features**: ?
 * **Image**: [`uptime-kuma`](https://hub.docker.com/r/uptime-kuma), 4, upstream
-* **Healthcheck**: Yes
+* **Healthcheck**: No
 * **Backups**: Yes
 * **Email**: No
 * **Tests**: No
diff --git a/compose.mariadb.yml b/compose.mariadb.yml
index 585a8ee..34b3e55 100644
--- a/compose.mariadb.yml
+++ b/compose.mariadb.yml
@@ -5,9 +5,8 @@ services:
   app:
     secrets:
       - db_password
-    networks:
-      - internal
     environment:
+      - UPTIME_KUMA_GH_REPO=louislam:uptime-kuma
       - UPTIME_KUMA_DB_TYPE=mariadb
       - UPTIME_KUMA_DB_HOSTNAME=db
       - UPTIME_KUMA_DB_PORT=3306
@@ -31,25 +30,10 @@ services:
     secrets:
       - db_password
       - db_root_password
-    deploy:
-      labels:
-        backupbot.backup: "${ENABLE_BACKUPS:-true}"
-        backupbot.backup.pre-hook: "mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" kuma | gzip > /var/lib/mysql/dump.sql.gz"
-        backupbot.backup.volumes.mariadb.path: "dump.sql.gz"
-        backupbot.restore.post-hook: "gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" kuma < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql"
-    healthcheck:
-      test: ["CMD-SHELL", 'mariadb-admin -p"$$(cat $MYSQL_ROOT_PASSWORD_FILE)"  ping']
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
 
 volumes:
   mariadb:
 
-networks:
-  internal:
-
 secrets:
   db_password:
     external: true
diff --git a/compose.yml b/compose.yml
index bd6ce4c..15433c4 100644
--- a/compose.yml
+++ b/compose.yml
@@ -6,38 +6,79 @@ services:
     image: louislam/uptime-kuma:2.2.1
     volumes:
       - data:/app/data
+    secrets:
+      - db_password
     networks:
+      - internal
       - proxy
     environment:
-      - UPTIME_KUMA_GH_REPO
+      - UPTIME_KUMA_GH_REPO=louislam:uptime-kuma
       - UPTIME_KUMA_DB_TYPE=sqlite
+    depends_on:
+      - db
     configs:
       - source: app_entrypoint
         target: /docker-entrypoint.sh
         mode: 0555
     entrypoint: /docker-entrypoint.sh
     deploy:
+      update_config:
+        failure_action: rollback
+        order: start-first
       labels:
         - "traefik.enable=true"
         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3001"
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        ## Redirect from EXTRA_DOMAINS to DOMAIN
+        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
         - "coop-cloud.${STACK_NAME}.version=2.0.0+2.0.0-beta.1"
-        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
     healthcheck:
       test: "curl -L localhost:3001"
       interval: 30s
       timeout: 10s 
       retries: 5 
       start_period: 2m
+  db:
+    image: mariadb:11.8
+    environment:
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_USER=kuma
+      - MYSQL_DATABASE=kuma
+    volumes:
+      - mariadb:/var/lib/mysql
+    networks:
+      - internal
+    secrets:
+      - db_password
+      - db_root_password
+    deploy:
+      labels:
+        backupbot.backup: "${ENABLE_BACKUPS:-true}"
+        backupbot.backup.pre-hook: "mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" kuma | gzip > /var/lib/mysql/dump.sql.gz"
+        backupbot.backup.volumes.mariadb.path: "dump.sql.gz"
+        backupbot.restore.post-hook: "gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" kuma < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql"
 
 volumes:
+  mariadb:
   data:
 
 networks:
   proxy:
     external: true
+  internal:
+
+secrets:
+  db_password:
+    external: true
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+  db_root_password:
+    external: true
+    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
 
 configs:
   app_entrypoint:
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index 1677f98..d632eab 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -24,7 +24,7 @@ file_env() {
    unset "$fileVar"
 }
 
-#file_env "UPTIME_KUMA_DB_PASSWORD"
+file_env "UPTIME_KUMA_DB_PASSWORD"
 
 # upstream startup command
 cd /app