diff --git a/Dockerfile b/Dockerfile
index 53037cb05..a5930aec0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -97,17 +97,17 @@ RUN set -ex \
 
 FROM php:${PHP_VERSION}-${PHP_BASE_TYPE}-${PHP_DEBIAN_RELEASE} AS base
 
-ARG APT_PACKAGES_EXTRA
 ARG BUILDKIT_SBOM_SCAN_STAGE="true"
+
+ARG APT_PACKAGES_EXTRA
+ARG DOTENV_LINTER_VERSION
 ARG PHP_DEBIAN_RELEASE
 ARG PHP_VERSION
 ARG RUNTIME_GID
 ARG RUNTIME_UID
 ARG TARGETPLATFORM
-ARG DOTENV_LINTER_VERSION
 
 ENV DEBIAN_FRONTEND="noninteractive"
-ENV DOTENV_LINTER_VERSION="${DOTENV_LINTER_VERSION}"
 
 # Ensure we run all scripts through 'bash' rather than 'sh'
 SHELL ["/bin/bash", "-c"]
@@ -119,6 +119,7 @@ RUN set -ex \
 WORKDIR /var/www/
 
 ENV APT_PACKAGES_EXTRA=${APT_PACKAGES_EXTRA}
+ENV DOTENV_LINTER_VERSION="${DOTENV_LINTER_VERSION}"
 
 # Install and configure base layer
 COPY docker/shared/root/docker/install/base.sh /docker/install/base.sh
@@ -148,7 +149,7 @@ ENV PHP_PECL_EXTENSIONS_EXTRA=${PHP_PECL_EXTENSIONS_EXTRA}
 ENV PHP_PECL_EXTENSIONS=${PHP_PECL_EXTENSIONS}
 
 COPY docker/shared/root/docker/install/php-extensions.sh /docker/install/php-extensions.sh
-RUN --mount=type=cache,id=pixelfed-php-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}-${TARGETPLATFORM},sharing=locked,target=/usr/src/php/ \
+RUN --mount=type=cache,id=pixelfed-php-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}-${TARGETPLATFORM},sharing=locked,target=/usr/src/php \
     --mount=type=cache,id=pixelfed-apt-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}-${TARGETPLATFORM},sharing=locked,target=/var/lib/apt \
 	--mount=type=cache,id=pixelfed-apt-cache-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}-${TARGETPLATFORM},sharing=locked,target=/var/cache/apt \
     /docker/install/php-extensions.sh
diff --git a/docker-compose.yml b/docker-compose.yml
index 02024c390..ba1a211c9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -53,12 +53,12 @@ services:
     depends_on:
       - proxy
     volumes:
-      - "${DOCKER_HOST_SOCKET_PATH}:/var/run/docker.sock:ro"
+      - "${DOCKER_CONFIG_ROOT}/proxy-acme:/etc/acme.sh"
+      - "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
       - "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
       - "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
-      - "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
       - "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
-      - "${DOCKER_DATA_ROOT}/proxy-acme:/etc/acme.sh"
+      - "${DOCKER_HOST_SOCKET_PATH}:/var/run/docker.sock:ro"
 
   web:
     image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
@@ -131,7 +131,7 @@ services:
     image: redis:7.2
     container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-redis"
     restart: unless-stopped
-    command: "${DOCKER_REDIS_CONFIG_FILE} --requirepass '${REDIS_PASSWORD:-}'"
+    command: "${DOCKER_REDIS_CONFIG_FILE:-} --requirepass '${REDIS_PASSWORD:-}'"
     environment:
       - REDISCLI_AUTH=${REDIS_PASSWORD:-}
     env_file:
diff --git a/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh b/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh
index 41e28b5ae..a3582932b 100755
--- a/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh
+++ b/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh
@@ -19,6 +19,10 @@ fi
 load-config-files
 await-database-ready
 
+# Following https://docs.pixelfed.org/running-pixelfed/installation/#one-time-setup-tasks
+#
+# NOTE: Caches happens in [30-cache.sh]
+
 only-once "key:generate" run-as-runtime-user php artisan key:generate
 only-once "storage:link" run-as-runtime-user php artisan storage:link
 only-once "initial:migrate" run-as-runtime-user php artisan migrate --force