diff --git a/docker-compose.yml b/docker-compose.yml
index b7e5656c5..51393c181 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,7 +8,7 @@ services:
     image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.17.7_2022-02-10}
     environment:
       FAKE_DNS: 10.77.77.77
-      BOULDER_CONFIG_DIR: test/config
+      BOULDER_CONFIG_DIR: labca/config
       GOFLAGS: -mod=vendor
       # Go 1.18 turns off SHA-1 validation on CSRs (and certs, but that doesn't
       # affect us). It also turns off TLS 1.0 and TLS 1.1. Temporarily go back
@@ -17,6 +17,7 @@ services:
       GODEBUG: x509sha1=1,tls10default=1
     volumes:
       - .:/boulder:cached
+      - /home/labca/boulder_labca:/boulder/labca
       - ./.gocache:/root/.cache/go-build:cached
       - ./.hierarchy:/hierarchy/:cached
       - ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
@@ -32,17 +33,25 @@ services:
     # special logic there that will return multiple IP addresses for
     # service names.
     dns: 10.77.77.77
-    ports:
-      - 4001:4001 # ACMEv2
-      - 4002:4002 # OCSP
-      - 4003:4003 # OCSP
+    expose:
+      - 4001 # ACMEv2
+      - 4002 # OCSP
+      - 4003 # OCSP
     depends_on:
       - bmysql
-    entrypoint: test/entrypoint.sh
+    entrypoint: labca/entrypoint.sh
     working_dir: &boulder_working_dir /boulder
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "500k"
+        max-file: "5"
+    restart: always
 
   bmysql:
     image: mariadb:10.5
+    volumes:
+      - dbdata:/var/lib/mysql
     networks:
       bluenet:
         aliases:
@@ -56,21 +65,51 @@ services:
     # small.
     command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON
     logging:
-        driver: none
+      driver: "json-file"
+      options:
+        max-size: "500k"
+        max-file: "5"
+    restart: always
 
 
-  netaccess:
+  labca:
     image: *boulder_image
-    environment:
-        GO111MODULE: "on"
-        GOFLAGS: -mod=vendor
-        BOULDER_CONFIG_DIR: test/config
     networks:
       - bluenet
     volumes:
+      - /home/labca/admin:/go/src/labca
+      - ./.gocache:/root/.cache/go-build
+      - /home/labca/nginx_data/static:/wwwstatic
       - .:/boulder
-    working_dir: *boulder_working_dir
-    entrypoint: test/entrypoint-netaccess.sh
+      - /home/labca/boulder_labca:/boulder/labca
+    expose:
+      - 3000
+    depends_on:
+      - bmysql
+    working_dir: /go/src/labca
+    command: ./setup.sh
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "500k"
+        max-file: "5"
+    restart: always
+
+  nginx:
+    image: nginx:1.21.6
+    restart: always
+    networks:
+      - bluenet
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /home/labca/nginx_data/conf.d:/etc/nginx/conf.d
+      - /home/labca/nginx_data/ssl:/etc/nginx/ssl
+      - /home/labca/nginx_data/static:/var/www/html
+
+volumes:
+  dbdata:
 
 networks:
   bluenet: