diff --git a/Dockerfile b/Dockerfile
index f87313c..4609512 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,4 +20,4 @@ COPY --from=build "/sslh/sslh-select" "/usr/local/bin/sslh"
 
 RUN apk --no-cache add libconfig pcre2
 
-ENTRYPOINT [ "/usr/local/bin/sslh", "--foreground" ]
+ENTRYPOINT [ "/usr/local/bin/sslh" ]
diff --git a/README.md b/README.md
index 4781c01..97186e5 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ protocol that can be tested using a regular expression, can
 be recognised. A typical use case is to allow serving
 several services on port 443 (e.g. to connect to SSH from
 inside a corporate firewall, which almost never block port
-443) while still serving HTTPS on that port. 
+443) while still serving HTTPS on that port.
 
 Hence `sslh` acts as a protocol demultiplexer, or a
 switchboard. With the SNI and ALPN probe, it makes a good
@@ -20,8 +20,8 @@ address.
 
 `sslh` has the bells and whistles expected from a mature
 daemon: privilege and capabilities dropping, inetd support,
-systemd support, transparent proxying, chroot, logging, 
-IPv4 and IPv6, TCP and UDP, a fork-based and a select-based 
+systemd support, transparent proxying, chroot, logging,
+IPv4 and IPv6, TCP and UDP, a fork-based and a select-based
 model, and more.
 
 Install
@@ -50,6 +50,7 @@ docker run \
   --rm \
   -it \
   ghcr.io/yrutschle/sslh:latest \
+  --foreground \
   --listen=0.0.0.0:443 \
   --ssh=hostname:22 \
   --tls=hostname:443
@@ -66,7 +67,7 @@ services:
     hostname: sslh
     ports:
       - 443:443
-    command: --listen=0.0.0.0:443 --tls=nginx:443 --openvpn=openvpn:1194
+    command: --foreground --listen=0.0.0.0:443 --tls=nginx:443 --openvpn=openvpn:1194
     depends_on:
       - nginx
       - openvpn