diff --git a/dockerproxy/main.go b/dockerproxy/main.go
index e6c086d..9b475e7 100644
--- a/dockerproxy/main.go
+++ b/dockerproxy/main.go
@@ -9,6 +9,7 @@ import (
 "net/url"
 "os"
 "os/signal"
+ "regexp"
 "strings"
 "sync/atomic"
 "syscall"
@@ -48,11 +49,19 @@ var (
 )
 const (
- DOCKER_LISTENER = "localhost:2375"
+ DOCKER_LISTENER = "localhost:2376"
 DOCKER_SCHEME = "http"
 FLY_API_URL = "https://api.fly.io"
 )
+var allowedPaths = []*regexp.Regexp{
+ regexp.MustCompile("^/flyio/.*$"),
+ regexp.MustCompile("^/grpc$"),
+ regexp.MustCompile("^/_ping$"),
+ regexp.MustCompile("^(/v[0-9.]*)?/info$"),
+ regexp.MustCompile("^(/v[0-9.]*)?/images/.*$"),
+}
+
 func init() {
 api.SetBaseURL(FLY_API_URL)
 }
@@ -128,7 +137,28 @@ func main() {
 go func() {
 log.Infof("Listening on %s", httpServer.Addr)
 if err := httpServer.ListenAndServe(); err != http.ErrServerClosed {
- log.Fatalf("failed to listenAndServe: %v", err)
+ log.Fatalf("failed to listenAndServe on %s: %v", httpServer.Addr, err)
+ }
+ }()
+
+ httpServer2 := &http.Server{
+ Addr: ":2375",
+ Handler: dockerProxy(),
+ BaseContext: func(_ net.Listener) context.Context {
+ return ctx
+ },
+
+ // keep these as high as possible. shorter read/write timeouts can cause push operations
+ // for large images to hang midway with the error -> context.Cancelled.
+ ReadTimeout: 15 * time.Minute,
+ WriteTimeout: 15 * time.Minute,
+ }
+ httpServer2.RegisterOnShutdown(cancel)
+
+ go func() {
+ log.Infof("Listening on %s", httpServer2.Addr)
+ if err := httpServer2.ListenAndServe(); err != http.ErrServerClosed {
+ log.Fatalf("failed to listenAndServe on %s: %v", httpServer2.Addr, err)
 }
 }()
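Review bot: In the `@@ -48,11 +49,19 @@` hunk, the pattern `^(/v[0-9.]*)?/images/.*$` admits every endpoint under `/images/` for every HTTP method, and the handler matches it against the path exactly as received, so a request path with `..` segments after `/images/` still satisfies the allowlist. How the daemon behind the proxy resolves such a path is not visible here, so the safe form is to match on the normalised value, e.g. `p := path.Clean(r.URL.Path)` before the loop and `allowedPath.MatchString(p)` inside it (this needs the `path` import). The list should also carry a doc comment such as `// allowedPaths is the allowlist of Docker API paths the proxy forwards; any other path is answered with 404.`, with a word on which client operation each entry exists for. Backquoted raw strings are the usual form for regexp literals.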
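Review bot: In the `@@ -128,7 +137,28 @@` hunk, `httpServer2` listens on `:2375` on every interface and is given `dockerProxy()` directly as its handler. How the first server's handler is built is not shown in this hunk, so if authentication is applied there by wrapping the proxy, this second listener serves the allowlisted Docker endpoints without it; either wrap the handler the same way or bind `Addr` to the one address that is meant to reach it. The 15-minute `ReadTimeout` also governs header reads, so adding `ReadHeaderTimeout: 30 * time.Second,` would bound idle connections without affecting long pushes. The body of `main` continues outside the hunk.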
@@ -158,11 +188,17 @@ func main() {
 log.Info("shutting down proxy")
 if err := httpServer.Shutdown(gracefullCtx); err != nil {
- log.Warnf("shutdown error: %v\n", err)
+ log.Warnf("shutdown error on %s: %v\n", httpServer.Addr, err)
 os.Exit(1)
 }
- log.Info("shutting down proxy")
+ log.Info("shutting down proxy2")
+ if err := httpServer2.Shutdown(gracefullCtx); err != nil {
+ log.Warnf("shutdown error on %s: %v\n", httpServer2.Addr, err)
+ os.Exit(1)
+ }
+
+ log.Info("shutting down docker")
 stopDockerdFn()
 log.Info("shutdown complete")
@@ -225,6 +261,19 @@ func dockerProxy() http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 pendingRequests.Add(1)
+ allowed := false
+ for _, allowedPath := range allowedPaths {
+ if allowedPath.MatchString(r.URL.Path) {
+ allowed = true
+ break
+ }
+ }
+ if !allowed {
+ log.Warnf("Refusing to proxy %s", r.URL)
+ http.Error(w, `{"message":"page not found"}`, http.StatusNotFound)
+ return
+ }
+
 defer func() {
 pendingRequests.Add(^uint64(0))
 }()
diff --git a/etc/docker/daemon.json b/etc/docker/daemon.json
index f02aaf5..a4788c4 100644
--- a/etc/docker/daemon.json
+++ b/etc/docker/daemon.json
@@ -17,7 +17,7 @@
 },
 "hosts": [
 "unix:///var/run/docker.sock",
- "tcp://0.0.0.0:2375"
+ "tcp://127.0.0.1:2376"
 ],
 "mtu": 1400,
 "max-concurrent-downloads": 10,
@@ -27,4 +27,4 @@
 "registry-mirrors": [
 "https://docker-hub-mirror.fly.io"
 ]
-}
\ No newline at end of file
+}
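Review bot: In the `@@ -158,11 +188,17 @@` hunk, an error from `httpServer.Shutdown` reaches `os.Exit(1)` before `httpServer2.Shutdown` and `stopDockerdFn()` run, and the new `httpServer2` branch does the same, so one listener failing to drain leaves the other server and dockerd without an orderly stop. Both calls also share `gracefullCtx`, which means the second server only gets whatever is left of the deadline after the first has drained. Recording the failure and exiting after the cleanup keeps the sequence intact; `main` starts and ends outside this hunk.

```go
log.Info("shutting down proxy")
failed := false
for _, srv := range []*http.Server{httpServer, httpServer2} {
	if err := srv.Shutdown(gracefullCtx); err != nil {
		log.Warnf("shutdown error on %s: %v\n", srv.Addr, err)
		failed = true
	}
}

log.Info("shutting down docker")
stopDockerdFn()
if failed {
	os.Exit(1)
}
// … unchanged: "shutdown complete" log …
```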
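Review bot: In the `@@ -225,6 +261,19 @@` hunk, the refusal branch returns after `pendingRequests.Add(1)` but before the `defer` that decrements it is registered, so every rejected request leaves the counter permanently one higher. If that counter drives idle detection or shutdown draining (not visible in this hunk), requests to disallowed paths would keep the proxy looking busy indefinitely. Move the whole allowlist check above `pendingRequests.Add(1)`, or register the `defer func() { pendingRequests.Add(^uint64(0)) }()` immediately after the increment and before the check. The handler closure continues outside the hunk.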
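Review bot: In the `etc/docker/daemon.json` hunk `@@ -17,7 +17,7 @@`, `tcp://127.0.0.1:2376` still exposes the Docker API without authentication to any process in the same network namespace, and 2376 is the port conventionally associated with the TLS-protected daemon endpoint while `DOCKER_SCHEME` in `dockerproxy/main.go` remains `http`. Since `unix:///var/run/docker.sock` is already listed in `hosts`, the proxy could dial the socket, which is guarded by file permissions, and this TCP entry could be removed. If the TCP listener has to stay, a port other than 2376 would avoid suggesting that the endpoint is encrypted.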