diff --git a/.mrconfig b/.mrconfig
index 941a88e..a6dbee0 100644
--- a/.mrconfig
+++ b/.mrconfig
@@ -5,4 +5,5 @@ checkout = git clone https://github.com/CAcertOrg/cats cacert-cats
 checkout = git clone git+ssh://git.cacert.org/srv/git/cacert-mgr.git cacert-mgr
 
 [cacert-software]
-checkout = git clone git+ssh://git.cacert.org/srv/git/cacert-devel.git cacert-software
+#checkout = git clone git+ssh://git.cacert.org/srv/git/cacert-devel.git cacert-software
+checkout = git clone -b run-locally https://github.com/jandd/cacert-devel.git cacert-software
diff --git a/cats.Dockerfile b/cats.Dockerfile
index 3958ac8..3a8b3e3 100644
--- a/cats.Dockerfile
+++ b/cats.Dockerfile
@@ -1,6 +1,10 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 
-RUN apt-get update \
+RUN sed -i \
+      -e 's@\(^deb http://deb\..*\)$@#\1@' \
+      -e 's@\(^deb http://security\..*\)$@deb http://archive.debian.org/debian-security jessie/updates main@' \
+      /etc/apt/sources.list \
+    && apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
     ca-certificates \
diff --git a/docker-compose.yml b/docker-compose.yml
index 67cab0e..f8df137 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -42,6 +42,7 @@ services:
       CRL_DIRECTORY: /srv/certs/crl
       DEFAULT_HOSTNAME: www.cacert.localhost
       SECURE_HOSTNAME: secure.cacert.localhost
+      TVERIFY_HOSTNAME: tverify.cacert.localhost
       INSECURE_PORT: 8080
       SECURE_PORT: 8443
       RETURN_ADDRESS: "returns@cacert.localhost"
@@ -101,6 +102,7 @@ services:
     volumes:
       - certstaging:/srv/certs
       - signersockets:/srv/sockets
+      - webdbincl:/home/cacert/www/includes/
     depends_on:
       - db
       - smtp
@@ -126,4 +128,5 @@ volumes:
   maildir: { }
   certstaging: { }
   signersockets: { }
-  signerdata: { }
\ No newline at end of file
+  signerdata: { }
+  webdbincl: { }
diff --git a/docker/run-signer b/docker/run-signer
index c145ea5..01848f2 100755
--- a/docker/run-signer
+++ b/docker/run-signer
@@ -23,7 +23,7 @@ if [ ! -f /srv/ca/gpg/gpg_root_0/secring.gpg ]; then cp /srv/testca/gpg/gpg_root
 if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/pubring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
 
 rm -f /srv/sockets/signer
-socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
+socat -d -d "PTY,link=${SERIAL_PORT}" UNIX-LISTEN:/srv/sockets/signer 2>&1 &
 sleep 1
 
 cd /srv/CommModule/
diff --git a/docker/run-signer_client b/docker/run-signer_client
index 7c19dae..e8fd99c 100755
--- a/docker/run-signer_client
+++ b/docker/run-signer_client
@@ -2,10 +2,12 @@
 
 set -eu
 
-socat -d -d UNIX:/srv/sockets/signer PTY,link=/dev/ttyS0 2>&1 &
+export SERIAL_PORT=/dev/ttyUSB0
+
+socat -d -d "UNIX:/srv/sockets/signer" "PTY,link=${SERIAL_PORT}" 2>&1 &
 sleep 1
 
-export SERIAL_PORT=/dev/ttyS0
+echo "<?php mysql_connect(\"${MYSQL_WEBDB_HOSTNAME}\", \"${MYSQL_WEBDB_USER}\", \"${MYSQL_WEBDB_PASSWORD}\");" > "/home/cacert/www/includes/mysql.php"
 
 cd /srv/CommModule/
 
diff --git a/mgr.Dockerfile b/mgr.Dockerfile
index 46151f9..a0a7400 100644
--- a/mgr.Dockerfile
+++ b/mgr.Dockerfile
@@ -1,6 +1,10 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 
-RUN apt-get update \
+RUN sed -i \
+      -e 's@\(^deb http://deb\..*\)$@#\1@' \
+      -e 's@\(^deb http://security\..*\)$@deb http://archive.debian.org/debian-security jessie/updates main@' \
+      /etc/apt/sources.list \
+    && apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
     ca-certificates \
diff --git a/signer.Dockerfile b/signer.Dockerfile
index 6e4a0ab..68d4a2d 100644
--- a/signer.Dockerfile
+++ b/signer.Dockerfile
@@ -1,6 +1,10 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 
-RUN apt-get update \
+RUN sed -i \
+      -e 's@\(^deb http://deb\..*\)$@#\1@' \
+      -e 's@\(^deb http://security\..*\)$@deb http://archive.debian.org/debian-security jessie/updates main@' \
+      /etc/apt/sources.list \
+    && apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
     gnupg \
diff --git a/signer_client.Dockerfile b/signer_client.Dockerfile
index 577c018..c4339da 100644
--- a/signer_client.Dockerfile
+++ b/signer_client.Dockerfile
@@ -1,9 +1,13 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 
 COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
 COPY testca/class3/ca.crt.pem /usr/local/share/ca-certificates/testca_class3.crt
 
-RUN apt-get update \
+RUN sed -i \
+      -e 's@\(^deb http://deb\..*\)$@#\1@' \
+      -e 's@\(^deb http://security\..*\)$@deb http://archive.debian.org/debian-security jessie/updates main@' \
+      /etc/apt/sources.list \
+    && apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
     ca-certificates \
diff --git a/webdb.Dockerfile b/webdb.Dockerfile
index fd3ff3d..8e1474c 100644
--- a/webdb.Dockerfile
+++ b/webdb.Dockerfile
@@ -1,6 +1,10 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 
-RUN apt-get update \
+RUN sed -i \
+      -e 's@\(^deb http://deb\..*\)$@#\1@' \
+      -e 's@\(^deb http://security\..*\)$@deb http://archive.debian.org/debian-security jessie/updates main@' \
+      /etc/apt/sources.list \
+    && apt-get update \
     && DEBIAN_FRONTEND=noninteractive \
     apt-get install -y --no-install-recommends \
     ca-certificates \
@@ -35,6 +39,7 @@ RUN apt-get update \
     php5-recode \
     psmisc \
     wamerican \
+    wget \
     whois \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* \