diff --git a/.env.portainer.example b/.env.portainer.example
new file mode 100644
index 0000000..5dda750
--- /dev/null
+++ b/.env.portainer.example
@@ -0,0 +1,15 @@
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=change-me
+POSTGRES_DB=toir
+POSTGRES_PORT=5432
+
+CORS_ALLOWED_ORIGINS=https://toir.example.ru
+
+KEYCLOAK_ISSUER_URL=https://sso.example.ru/realms/toir
+KEYCLOAK_AUDIENCE=toir-backend
+KEYCLOAK_JWKS_URL=
+
+VITE_API_URL=/api
+VITE_KEYCLOAK_URL=https://sso.example.ru
+VITE_KEYCLOAK_REALM=toir
+VITE_KEYCLOAK_CLIENT_ID=toir-frontend
diff --git a/docker-compose.yml b/docker-compose.yml
index 9f5a268..156d278 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,7 +5,7 @@ services:
     restart: unless-stopped
     environment:
       POSTGRES_USER: ${POSTGRES_USER:-postgres}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-change-me}
       POSTGRES_DB: ${POSTGRES_DB:-toir}
     healthcheck:
       test:
@@ -35,11 +35,23 @@ services:
         condition: service_healthy
     environment:
       PORT: 3000
-      DATABASE_URL: postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB:-toir}
-      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-https://toir.example.ru}
-      KEYCLOAK_ISSUER_URL: ${KEYCLOAK_ISSUER_URL}
-      KEYCLOAK_AUDIENCE: ${KEYCLOAK_AUDIENCE}
+      DATABASE_URL: postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-change-me}@postgres:5432/${POSTGRES_DB:-toir}
+      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-http://localhost:8080,https://toir.greact.ru}
+      KEYCLOAK_ISSUER_URL: ${KEYCLOAK_ISSUER_URL:-https://sso.greact.ru/realms/toir}
+      KEYCLOAK_AUDIENCE: ${KEYCLOAK_AUDIENCE:-toir-backend}
       KEYCLOAK_JWKS_URL: ${KEYCLOAK_JWKS_URL:-}
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "node",
+          "-e",
+          "fetch('http://127.0.0.1:3000/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))",
+        ]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 20s
     expose:
       - "3000"
     networks:
@@ -52,13 +64,22 @@ services:
       dockerfile: Dockerfile
       args:
         VITE_API_URL: ${VITE_API_URL:-/api}
-        VITE_KEYCLOAK_URL: ${VITE_KEYCLOAK_URL}
-        VITE_KEYCLOAK_REALM: ${VITE_KEYCLOAK_REALM}
-        VITE_KEYCLOAK_CLIENT_ID: ${VITE_KEYCLOAK_CLIENT_ID}
+        VITE_KEYCLOAK_URL: ${VITE_KEYCLOAK_URL:-https://sso.greact.ru}
+        VITE_KEYCLOAK_REALM: ${VITE_KEYCLOAK_REALM:-toir}
+        VITE_KEYCLOAK_CLIENT_ID: ${VITE_KEYCLOAK_CLIENT_ID:-toir-frontend}
     container_name: toir-client
     restart: unless-stopped
     depends_on:
-      - server
+      server:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/healthz >/dev/null 2>&1 || exit 1"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+    ports:
+      - "${CLIENT_PORT:-8080}:80"
     expose:
       - "80"
     networks:
diff --git a/server/Dockerfile b/server/Dockerfile
index 88c445d..80780c9 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -34,4 +34,4 @@ COPY --from=build /app/dist ./dist
 
 EXPOSE 3000
 
-CMD ["sh", "-c", "npx prisma migrate deploy && node dist/main.js"]
+CMD ["sh", "-c", "npx prisma migrate deploy && node dist/src/main.js"]
diff --git a/server/package.json b/server/package.json
index b6a8ae9..b7206a3 100644
--- a/server/package.json
+++ b/server/package.json
@@ -11,7 +11,7 @@
     "start": "nest start",
     "start:dev": "nest start --watch",
     "start:debug": "nest start --debug --watch",
-    "start:prod": "node dist/main.js",
+    "start:prod": "node dist/src/main.js",
     "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
     "test": "jest",
     "test:watch": "jest --watch",