diff --git a/Dockerfile b/Dockerfile
index c74b71a..9f67ee4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,13 @@
-FROM alpine
+FROM nginx:stable-alpine AS builder
 COPY compile.sh /tmp/compile.sh
 RUN chmod +x /tmp/compile.sh && \
 /tmp/compile.sh && \
 rm -rf /tmp/*
+FROM nginx:stable-alpine
+
+COPY --from=builder /*.so /usr/local/nginx/modules/
 COPY entrypoint.sh /opt/entrypoint.sh
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
@@ -14,8 +17,7 @@ COPY lua/ /opt/lua
 RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
 chmod +x /opt/entrypoint.sh /opt/scripts/* && \
- mkdir /opt/entrypoint.d && \
- adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
+ mkdir /opt/entrypoint.d
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs
diff --git a/Dockerfile-amd64 b/Dockerfile-amd64
index ca306ab..8aa93da 100644
--- a/Dockerfile-amd64
+++ b/Dockerfile-amd64
@@ -1,10 +1,13 @@
-FROM amd64/alpine
+FROM amd64/nginx:stable-alpine AS builder
 COPY compile.sh /tmp/compile.sh
 RUN chmod +x /tmp/compile.sh && \
 /tmp/compile.sh && \
 rm -rf /tmp/*
+FROM amd64/nginx:stable-alpine
+
+COPY --from=builder /*.so /usr/local/nginx/modules/
 COPY entrypoint.sh /opt/entrypoint.sh
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
@@ -14,8 +17,7 @@ COPY lua/ /opt/lua
 RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
 chmod +x /opt/entrypoint.sh /opt/scripts/* && \
- mkdir /opt/entrypoint.d && \
- adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
+ mkdir /opt/entrypoint.d
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs
diff --git a/Dockerfile-arm32v7 b/Dockerfile-arm32v7
index 84a7bcd..f9414b3 100644
--- a/Dockerfile-arm32v7
+++ b/Dockerfile-arm32v7
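Review bot: In the first Dockerfile hunk both `FROM nginx:stable-alpine` lines use a floating tag, so the image that compiles the modules and the image that loads them are whatever the registry serves at build time, and nothing in the file ties the two stages to one known nginx build. Dynamic modules are loaded into the nginx master process, so the base they are built against is worth pinning: declare it once before the first stage, e.g. `ARG NGINX_IMAGE=nginx:stable-alpine@sha256:<digest-placeholder>`, then use `FROM ${NGINX_IMAGE} AS builder` and `FROM ${NGINX_IMAGE}`. The same applies to the first hunks of Dockerfile-amd64, Dockerfile-arm32v7, Dockerfile-arm64v8 and Dockerfile-i386. `COPY --from=builder /*.so` also takes every shared object found in the builder's root; having compile.sh write its output to a dedicated directory would make the copied set explicit.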
@@ -1,17 +1,17 @@
-FROM alpine AS builder
+FROM arm32v7/nginx:stable-alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-arm.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
-FROM arm32v7/alpine
-
-COPY --from=builder qemu-arm-static /usr/bin
-
 COPY compile.sh /tmp/compile.sh
 RUN chmod +x /tmp/compile.sh && \
 /tmp/compile.sh && \
 rm -rf /tmp/*
+FROM arm32v7/nginx:stable-alpine
+
+COPY --from=builder qemu-arm-static /usr/bin
+COPY --from=builder /*.so /usr/local/nginx/modules/
 COPY entrypoint.sh /opt/entrypoint.sh
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
@@ -21,8 +21,7 @@ COPY lua/ /opt/lua
 RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
 chmod +x /opt/entrypoint.sh /opt/scripts/* && \
- mkdir /opt/entrypoint.d && \
- adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
+ mkdir /opt/entrypoint.d
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs
diff --git a/Dockerfile-arm64v8 b/Dockerfile-arm64v8
index 1aaaaaf..36a73ef 100644
--- a/Dockerfile-arm64v8
+++ b/Dockerfile-arm64v8
@@ -1,17 +1,17 @@
-FROM alpine AS builder
+FROM arm64v8/nginx:stable-alpine AS builder
 ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v4.0.0%2Bbalena2/qemu-4.0.0.balena2-aarch64.tar.gz
 RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1
-FROM arm64v8/alpine
-
-COPY --from=builder qemu-aarch64-static /usr/bin
-
 COPY compile.sh /tmp/compile.sh
 RUN chmod +x /tmp/compile.sh && \
 /tmp/compile.sh && \
 rm -rf /tmp/*
+FROM arm64v8/nginx:stable-alpine
+
+COPY --from=builder qemu-aarch64-static /usr/bin
+COPY --from=builder /*.so /usr/local/nginx/modules/
 COPY entrypoint.sh /opt/entrypoint.sh
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
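Review bot: In the Dockerfile-arm32v7 builder stage the QEMU tarball is still piped from `curl -L ${QEMU_URL}` straight into `tar` with no integrity check, and the `qemu-arm-static` binary it yields is then copied into the final image's `/usr/bin`. Download to a file and verify it before extracting, e.g. `curl -fsSL -o /tmp/qemu.tgz "${QEMU_URL}" && echo "<expected-sha256>  /tmp/qemu.tgz" | sha256sum -c - && tar zxf /tmp/qemu.tgz -C . --strip-components 1`, where `<expected-sha256>` is a placeholder for the pinned hash of that release asset. The builder is now an arm32v7 image and its RUN steps execute before `qemu-arm-static` is placed in `/usr/bin`, so the build presumably relies on binfmt emulation already registered on the host; that is worth confirming and stating in a comment. The first hunk of Dockerfile-arm64v8 has the same pattern with `qemu-aarch64-static`.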
@@ -21,8 +21,7 @@ COPY lua/ /opt/lua
 RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
 chmod +x /opt/entrypoint.sh /opt/scripts/* && \
- mkdir /opt/entrypoint.d && \
- adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
+ mkdir /opt/entrypoint.d
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs
diff --git a/Dockerfile-i386 b/Dockerfile-i386
index f9e817d..db7c23f 100644
--- a/Dockerfile-i386
+++ b/Dockerfile-i386
@@ -1,10 +1,13 @@
-FROM i386/alpine
+FROM i386/nginx:stable-alpine AS builder
 COPY compile.sh /tmp/compile.sh
 RUN chmod +x /tmp/compile.sh && \
 /tmp/compile.sh && \
 rm -rf /tmp/*
+FROM i386/nginx:stable-alpine
+
+COPY --from=builder /*.so /usr/local/nginx/modules/
 COPY entrypoint.sh /opt/entrypoint.sh
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
@@ -14,8 +17,7 @@ COPY lua/ /opt/lua
 RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog openssl lua libgd && \
 chmod +x /opt/entrypoint.sh /opt/scripts/* && \
- mkdir /opt/entrypoint.d && \
- adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
+ mkdir /opt/entrypoint.d
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs
diff --git a/compile.sh b/compile.sh
index f073cec..40be258 100644
--- a/compile.sh
+++ b/compile.sh
@@ -76,16 +76,16 @@ git clone https://github.com/openresty/lua-nginx-module.git
 export LUAJIT_LIB=/usr/local/lib
 export LUAJIT_INC=/usr/local/include/luajit-2.1
-# compile and install nginx
+# compile and install dynamic modules
 cd /tmp
-VERSION="1.18.0"
-wget https://nginx.org/download/nginx-${VERSION}.tar.gz
-tar -xvzf nginx-${VERSION}.tar.gz
-cd nginx-${VERSION}
-./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx/nginx.pid --modules-path=/usr/lib/nginx/modules --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --add-module=/tmp/ModSecurity-nginx --add-module=/tmp/headers-more-nginx-module --add-module=/tmp/ngx_http_geoip2_module --add-module=/tmp/nginx_cookie_flag_module --add-module=/tmp/lua-nginx-module
-make -j $NTASK
-make install
-strip /usr/sbin/nginx
+wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
+tar -xvzf nginx-${NGINX_VERSION}.tar.gz
+cd nginx-$NGINX_VERSION
+CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')
+CONFARGS=${CONFARGS/-Os -fomit-frame-pointer/-Os}
+./configure $CONFARGS --add-dynamic-module=/tmp/ModSecurity-nginx --add-dynamic-module=/tmp/headers-more-nginx-module --add-dynamic-module=/tmp/ngx_http_geoip2_module --add-dynamic-module=/tmp/nginx_cookie_flag_module --add-dynamic-module=/tmp/lua-nginx-module
+make -j $NTASK modules
+cp ./objs/*.so /
 # remove build dependencies
 apk del build
diff --git a/confs/nginx.conf b/confs/nginx.conf
index 9ef6b65..b931e46 100644
--- a/confs/nginx.conf
+++ b/confs/nginx.conf
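Review bot: The nginx source fetched by `wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz` is unpacked and compiled without any integrity check, and the resulting `.so` files are what nginx loads in the final image. nginx.org publishes a detached signature next to each tarball, so the script can also fetch `nginx-${NGINX_VERSION}.tar.gz.asc` and run `gpg --verify nginx-${NGINX_VERSION}.tar.gz.asc nginx-${NGINX_VERSION}.tar.gz` against a signing key kept in the repository before `tar -xvzf` (gnupg would have to be among the build dependencies). Separately, `./configure $CONFARGS` depends on word splitting of the `nginx -V` output, which appears to be why the quoted `-Os -fomit-frame-pointer` pair is rewritten by hand; a comment saying so would help, since the substitution silently stops matching if the upstream build changes its compiler options. The script continues outside the hunk, so whether it runs under `set -e` is not visible here.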
@@ -1,5 +1,13 @@
 # /etc/nginx/nginx.conf
+# load dynamic modules
+load_module /usr/local/nginx/modules/ngx_http_cookie_flag_filter_module.so;
+load_module /usr/local/nginx/modules/ngx_http_geoip2_module.so;
+load_module /usr/local/nginx/modules/ngx_http_headers_more_filter_module.so;
+load_module /usr/local/nginx/modules/ngx_http_lua_module.so;
+load_module /usr/local/nginx/modules/ngx_http_modsecurity_module.so;
+load_module /usr/local/nginx/modules/ngx_stream_geoip2_module.so;
+
 # run as daemon
 daemon on;