diff --git a/Dockerfile.nipapd b/Dockerfile.nipapd
index a82f8cf57..47f919e71 100644
--- a/Dockerfile.nipapd
+++ b/Dockerfile.nipapd
@@ -69,7 +69,15 @@ WORKDIR /nipap
 RUN pip3 --no-input install --break-system-packages --no-cache-dir envtpl==0.7.2 \
 && pip3 --no-input install -I --break-system-packages --no-cache-dir '.[instrumentation,ldap_auth]'
+# Create non-root user and set up directories with correct permissions
+RUN groupadd -r -g 10000 nipap && useradd -r -u 10000 -g nipap nipap \
+ && mkdir -p /etc/nipap \
+ && chown -R nipap:nipap /etc/nipap \
+ && chown -R nipap:nipap /nipap
+
 EXPOSE 1337
 ENV LISTEN_ADDRESS=0.0.0.0 LISTEN_PORT=1337 SYSLOG=false DB_PORT=5432 DB_SSLMODE=disable DB_NAME=nipap
+USER nipap:nipap
+
 ENTRYPOINT ["/nipap/entrypoint.sh"]
diff --git a/Dockerfile.www b/Dockerfile.www
index 7d16fa9da..d4d9ec207 100644
--- a/Dockerfile.www
+++ b/Dockerfile.www
@@ -68,7 +68,19 @@ RUN pip3 --no-input install --break-system-packages --no-cache-dir ./pynipap/ && pip3 --no-input install --break-system-packages --no-cache-dir './nipap-www/[instrumentation,ldap_auth]' && \
 mkdir -p /etc/nipap/www/ && cp ./nipap-www/nipap-www.wsgi /etc/nipap/www/
-EXPOSE 80
+# Create non-root user and configure Apache to run as non-root on port 8080
+RUN groupadd -r -g 10000 nipap && useradd -r -u 10000 -g nipap nipap \
+ && mkdir -p /var/run/apache2 /var/lock/apache2 /var/log/apache2 \
+ && chown -R nipap:nipap /var/run/apache2 /var/lock/apache2 /var/log/apache2 \
+ && chown -R nipap:nipap /etc/nipap \
+ && chown -R nipap:nipap /nipap-www \
+ && chown -R nipap:nipap /etc/apache2 \
+ && sed -i 's/Listen 80/Listen 8080/' /etc/apache2/ports.conf \
+ && sed -i 's/:80/:8080/' /etc/apache2/sites-available/000-default.conf
+
+EXPOSE 8080
 VOLUME [ "/var/log/apache2" ]
+USER nipap
+
 ENTRYPOINT [ "/nipap-www/entrypoint.sh" ]
diff --git a/nipap-www/entrypoint.sh b/nipap-www/entrypoint.sh
index d5a878e01..d1a2afb63 100755
--- a/nipap-www/entrypoint.sh
+++ b/nipap-www/entrypoint.sh
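Review bot: `chown -R nipap:nipap /nipap` in the new RUN of Dockerfile.nipapd gives the runtime user ownership of the whole installed application tree, including `/nipap/entrypoint.sh`, so a compromised nipapd process could rewrite its own code and entrypoint; least privilege is to leave `/nipap` root-owned and chown only what the service writes at runtime, which from this hunk is `/etc/nipap` (presumably for the envtpl-rendered config — the nipapd entrypoint is not part of this diff, so confirm it writes nowhere else), i.e. keep `&& chown -R nipap:nipap /etc/nipap` and drop the `/nipap` line, chowning a specific subdirectory instead if one must stay writable. A recursive `chown` in its own layer also re-copies every file it touches into the image; `COPY --chown=nipap:nipap` at the earlier copy step (outside this hunk) avoids the duplicated layer. `useradd -r` creates no home directory, so anything that relies on `$HOME` once `USER nipap:nipap` is active will fail at runtime; `-d /nonexistent -s /usr/sbin/nologin` makes that explicit. Minor style point: this file spells the user as `USER nipap:nipap` while Dockerfile.www uses `USER nipap`; harmless, but pick one.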
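Review bot: `chown -R nipap:nipap /etc/apache2` in the Dockerfile.www hunk hands the web process ownership of the entire Apache configuration tree, and with `/nipap-www` and `/etc/nipap` (where the wsgi file is copied) also chowned, a compromised request handler can rewrite both its own code and the server configuration; the entrypoint.sh hunk in this same diff regenerates only `/etc/apache2/sites-available/000-default.conf`, so the ownership change can be narrowed to that one file, `&& chown nipap:nipap /etc/apache2/sites-available/000-default.conf`, leaving the rest of `/etc/apache2` root-owned. For the same reason the `sed -i 's/:80/:8080/' /etc/apache2/sites-available/000-default.conf` step is dead at runtime — the entrypoint overwrites that file on every start — and can be dropped, while the `Listen 8080` rewrite of `ports.conf` is the one that actually takes effect. Whether `/nipap-www` needs to be writable at all is not visible here; if the application only reads from it, that `chown` is unnecessary too.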
@@ -20,7 +20,7 @@ fi # Configure apache cat << EOF > /etc/apache2/sites-available/000-default.conf - + WSGIScriptAlias / /etc/nipap/www/nipap-www.wsgi ErrorLog \${APACHE_LOG_DIR}/error.log CustomLog \${APACHE_LOG_DIR}/access.log combined