diff --git a/Dockerfile b/Dockerfile
index 6eb022dc..15afbb55 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -75,10 +75,15 @@ COPY docker/activate_this.py ${BIGMON_VIRTUALENV_PATH}/bin/activate_this.py
 COPY docker/start-daemon.sh /usr/local/bin/
 COPY docker/conf.d/*.conf /etc/httpd/conf.d/
 
+
 # symlinks to allow late customization
 RUN ln -fs ${BIGMON_WSGI_PATH}/config/local.py ${BIGMON_WSGI_PATH}/core/settings/local.py
 
 # to work with non-root
+RUN grep -v Listen /etc/httpd/conf/httpd.conf > /etc/httpd/conf/tmp; \
+    echo Listen 8080 > /etc/httpd/conf/httpd.conf; \
+    cat /etc/httpd/conf/tmp >> /etc/httpd/conf/httpd.conf; \
+    rm /etc/httpd/conf/tmp
 RUN chmod 777 ${BIGMON_WSGI_PATH}/logs
 RUN chmod 777 /var/log/httpd
 RUN chmod 777 /etc/grid-security
@@ -90,13 +95,10 @@ RUN chmod -R 777 /etc/httpd/conf.d
 # to be removed for prodiction
 RUN chmod -R 777 ${BIGMON_WSGI_PATH} && chmod -R 777 ${BIGMON_VIRTUALENV_PATH}
 
-# to grant low port number access to non-root
-RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/httpd
-
 ENTRYPOINT ["start-daemon.sh"]
 
 
 STOPSIGNAL SIGINT
 
-EXPOSE 443
+EXPOSE 8443 8080
 CMD ["all"]
diff --git a/docker/conf.d/25-port443-httpd.conf b/docker/conf.d/25-port443-httpd.conf
index 3f302e5a..ac778fe9 100644
--- a/docker/conf.d/25-port443-httpd.conf
+++ b/docker/conf.d/25-port443-httpd.conf
@@ -3,7 +3,7 @@
 # Managed by Puppet
 # ************************************
 # 
-<VirtualHost *:443>
+<VirtualHost *:8443>
 
   ## Vhost docroot
   DocumentRoot "/var/www/html"
diff --git a/docker/conf.d/25-port80-httpd.conf b/docker/conf.d/25-port80-httpd.conf
index be4a4bd8..b9d9f171 100644
--- a/docker/conf.d/25-port80-httpd.conf
+++ b/docker/conf.d/25-port80-httpd.conf
@@ -3,7 +3,7 @@
 # Managed by Puppet
 # ************************************
 # 
-<VirtualHost *:80>
+<VirtualHost *:8080>
 
   ## Vhost docroot
   DocumentRoot "/var/www/html"
diff --git a/docker/conf.d/ssl-httpd.conf b/docker/conf.d/ssl-httpd.conf
index 26bd796b..e14ff64d 100644
--- a/docker/conf.d/ssl-httpd.conf
+++ b/docker/conf.d/ssl-httpd.conf
@@ -1,4 +1,4 @@
-Listen 443
+Listen 8443
 
 <IfModule mod_ssl.c>
   SSLRandomSeed startup builtin