diff --git a/Dockerfile b/Dockerfile
index cd81af8..1c457fc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,18 +14,22 @@ ENV DERP_HOSTNAME example.com
 ENV DERP_CERTMODE letsencrypt
 ENV DERP_ADDR :443
 ENV DERP_VERIFY_CLIENTS false
+ENV DERP_HTTP_PORT 80
+ENV DERP_STUN_ENABLE true
+ENV DERP_STUN_PORT 3478
 
 COPY --from=builder /go/bin/derper .
 
-EXPOSE 80 443 3478
-
 VOLUME ["/app/certs"]
 
 CMD /app/derper --hostname=$DERP_HOSTNAME \
     --a=$DERP_ADDR \
     --certdir=/app/certs \
     --verify-clients=$DERP_VERIFY_CLIENTS \
-    --certmode=$DERP_CERTMODE
+    --certmode=$DERP_CERTMODE \
+    --http-port=$DERP_HTTP_PORT \
+    --stun=$DERP_STUN_ENABLE \
+    --stun-port=$DERP_STUN_PORT
 
 # derper --help
 # 使用方法说明:
diff --git a/README.md b/README.md
index cfce6d9..ac08746 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,9 @@
 | DERP_CERTMODE       | Determines the SSL/TLS certificate management mode. Options: `manual`, `letsencrypt`                                                                                         | `letsencrypt` |
 | DERP_ADDR           | Sets the server address and port to bind to.                                                                                                                                 | `:443`        |
 | DERP_VERIFY_CLIENTS | Whether to verify clients connecting to the DERP server. [reference](https://tailscale.com/kb/1118/custom-derp-servers#optional-restricting-client-access-to-your-derp-node) | `false`       |
+| DERP_HTTP_PORT      | Sets the port for the HTTP server.                                                                                                                                           | `80`          |
+| DERP_STUN_ENABLE    | Whether to enable STUN.                                                                                                                                                      | `true`        |
+| DERP_STUN_PORT      | Sets the port for the STUN server.                                                                                                                                           | `3478`        |
 
 # Volumes
 
@@ -15,27 +18,11 @@
 
 # Usage
 
-## Running Directly with SSL/TLS
-
 ```shell
 docker run -d --name derper \
-  -p 443:443 -p 3478:3478 \
+  -p 80:80 -p 443:443 -p 3478:3478 \
   -e DERP_DOMAIN=example.com \
-  -e DERP_CERTMODE=manual \
-  -v /path/to/certs:/app/certs \
   nite07/tailscale-derp-docker:latest
 ```
 
-## Running Behind a Reverse Proxy
-
-```shell
-docker run -d --name derper \
-  -p 8080:80 -p 3478:3478 \
-  -e DERP_DOMAIN=example.com \
-  -e DERP_ADDR=:80 \
-  nite07/tailscale-derp-docker:latest
-```
-
-## Adding DERP servers to your tailnet
-
-[reference](https://tailscale.com/kb/1118/custom-derp-servers#step-2-adding-derp-servers-to-your-tailnet)
+[Adding DERP servers to your tailnet](https://tailscale.com/kb/1118/custom-derp-servers#step-2-adding-derp-servers-to-your-tailnet)