diff --git a/Dockerfile b/Dockerfile
index 5c53884..707ae0d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,36 +1,42 @@
-
-FROM phusion/baseimage
-MAINTAINER gabriel schubiner <gabriel.schubiner@gmail.com>
+FROM starchy/baseimage-docker
+MAINTAINER starchy grant <starchy@gmail.com>
 
 # Installation
 RUN apt-get update && apt-get install -y --no-install-recommends \
     apache2 \
-    libapache2-mod-php5 \
+    libapache2-mod-php \
     build-essential \
-    php5 \
-    php5-dev \
-    php5-mysqlnd \
-    php5-imap \
-    php5-cli \
+    php \
+    php-dev \
+    php-mysqlnd \
+    php-imap \
+    php-cli \
     php-pear \
-    php-apc \
-    php5-gd \
-    php5-memcached \
+    php-apcu \
+    php-gd \
+    php-memcached \
     python-pip \
     mysql-client \
     ssmtp \
-    memcached
+    memcached \
+    drush \
+    git
 
 # Cron
 ADD ./assets/openatrium.cron.sh /etc/cron.hourly/openatrium
 RUN chmod +x /etc/cron.hourly/openatrium
 
 # Apache Cfg
+ADD assets/apache.security.conf /etc/apache2/conf.d/
 RUN rm -f /etc/apache2/sites-enabled/*
 ADD assets/apache.openatrium.conf /etc/apache2/sites-available/
 RUN ln -s /etc/apache2/sites-available/apache.openatrium.conf /etc/apache2/sites-enabled/openatrium.conf
 RUN a2enmod rewrite
 
+# Symlink for drush
+RUN mkdir /usr/local/drush
+RUN ln -s /usr/bin/drush /usr/local/drush/drush
+
 # PHP Config
 ENV PHP_MEMORY_LIMIT 1024M
 ENV PHP_MAX_EXECUTION_TIME 900
@@ -39,14 +45,25 @@ ENV PHP_SENDMAIL_PATH /usr/sbin/ssmtp -t
 RUN sed -i \
     -e 's/^;session.save_path/session.save_path/g' \
     -e "s!^;sendmail_path =.*\$!sendmail_path = $PHP_SENDMAIL_PATH!g" \
-    /etc/php5/apache2/php.ini
+    /etc/php/7.0/apache2/php.ini
 ADD ./assets/update_php_vars.sh /usr/bin/
 RUN chmod +x /usr/bin/update_php_vars.sh 
 RUN update_php_vars.sh
-RUN php5enmod imap
-RUN pecl install -Z uploadprogress && \
-    echo 'extension=uploadprogress.so' >/etc/php5/mods-available/uploadprogress.ini && \
-    php5enmod uploadprogress
+RUN phpenmod imap
+
+# build uploadprogress from git for php7 compatibility
+RUN cd /root \
+    && git clone https://github.com/Jan-E/uploadprogress.git \
+    && cd uploadprogress \
+    && phpize \
+    && ./configure \
+    && make \
+    && make install \
+    && echo 'extension=uploadprogress.so' >/etc/php/7.0/mods-available/uploadprogress.ini \
+    && phpenmod uploadprogress \
+    && cd \
+    && rm -rf /root/uploadprogress
+
 
 # Default ENV vars
 ## Apache
@@ -91,16 +108,17 @@ ENV SSMTP_AUTH_METHOD LOGIN
 ADD ./assets/update_ssmtp.sh /usr/bin/update_ssmtp.sh
 RUN rm -f /etc/ssmtp/ssmtp.conf
 ADD ./assets/ssmtp.conf /etc/ssmtp/ssmtp.conf
-RUN chmod +x /usr/bin/update_ssmtp.sh && update_ssmtp.sh
-
-# Drush install
-RUN pear channel-discover pear.drush.org
-
-RUN pear install drush/drush
+RUN chmod +x /usr/bin/update_ssmtp.sh 
+RUN /usr/bin/update_ssmtp.sh
 
 # Open Atrium
+ENV OATRIUM_DOWNLOAD_URL https://ftp.drupal.org/files/projects/openatrium-7.x-2.641-core.tar.gz
+ENV OATRIUM_DOWNLOAD_SHA256 c8f3c9fa43fbc4032e248d549c2bec2d738c32db807dcbd008374b9be11aa0d7
 RUN rm -f /var/www/html/*
-RUN curl http://ftp.drupal.org/files/projects/openatrium-7.x-2.33-core.tar.gz | tar xz -C /var/www/html --strip-components=1 
+RUN curl -fsS "$OATRIUM_DOWNLOAD_URL" -o oatrium.tar.gz \
+  && echo "$OATRIUM_DOWNLOAD_SHA256 oatrium.tar.gz" | sha256sum -c - \
+  && tar -C /var/www/html -xzf oatrium.tar.gz --strip-components=1 \
+  && rm -f oatrium.tar.gz
 
 # Services
 RUN mkdir /etc/service/memcached /etc/service/apache
@@ -114,7 +132,7 @@ ADD ./assets/init.sh /etc/my_init.d/10_init.sh
 RUN chmod -R +x /etc/my_init.d/
 
 # Ports
-EXPOSE 22 80 443
+EXPOSE 80 443
 
 # Volumes
 VOLUME /data
diff --git a/README.md b/README.md
index 0a0c8bb..87d79c4 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 This repo contains a working repository for Phase2's OpenAtrium, based on the Drupal CMS.
 
-## OpenAtrium - ver. 2.30RC3
+## OpenAtrium - ver. 2.641
 
 OpenAtrium is a pretty rad Drupal distribution, supported by Phase2, that makes it pretty easy to set up very flexible intranets/community sites with out-of-the-box support for maintaining a hierarchy of 'spaces' that can each be customized with calendars, tasks, discussion boards, and file sharing. User groups, teams, permissions, etc. all well supported. 
 
@@ -177,11 +177,11 @@ Last Note: 99% of this image is relevant to any Drupal 7 distribution, so if you
 
 You'll want to change this line: 
 
-`RUN curl http://ftp.drupal.org/files/projects/openatrium-7.x-2.30-core.tar.gz | tar xz -C /var/www/html --strip-components=1 `
+`RUN curl https://ftp.drupal.org/files/projects/openatrium-7.x-2.641-core.tar.gz | tar xz -C /var/www/html --strip-components=1 `
 
 to 
 
-`RUN curl http://ftp.drupal.org/files/projects/<distribution_name>-7.x-<distribution_version>-core.tar.gz | tar xz -C /var/www/html --strip-components=1 `
+`RUN curl https://ftp.drupal.org/files/projects/<distribution_name>-7.x-<distribution_version>-core.tar.gz | tar xz -C /var/www/html --strip-components=1 `
 
 I should probably take this piece out into the init.sh script, and make the distribution name and version specifiable by environment variables, so you could literally use this image for any Drupal 7 distribution without rebuilding it, but maybe later.
 
diff --git a/assets/apache.security.conf b/assets/apache.security.conf
new file mode 100644
index 0000000..498d147
--- /dev/null
+++ b/assets/apache.security.conf
@@ -0,0 +1,3 @@
+ServerTokens Prod
+ServerSignature Off
+TraceEnable Off
diff --git a/assets/init.sh b/assets/init.sh
index 49b4271..3396607 100644
--- a/assets/init.sh
+++ b/assets/init.sh
@@ -60,6 +60,7 @@ function restore_permissions {
     
     pushd sites
     find . -type d -name files -exec chmod 770 '{}' \;
+    find ./default/files -type d -exec chown -R www-data '{}' \;
     find ./default/files -type d -exec chmod 770 '{}' \;
     find ./default/files -type f -exec chmod 660 '{}' \;
 
diff --git a/assets/update_php_vars.sh b/assets/update_php_vars.sh
index a6aa9e4..a6009a6 100644
--- a/assets/update_php_vars.sh
+++ b/assets/update_php_vars.sh
@@ -2,14 +2,15 @@
 
 
 sed -i \
+    -e "s/^expose_php.*\$/expose_php = Off/g" \
     -e "s/^memory_limit.*\$/memory_limit = $PHP_MEMORY_LIMIT/g" \
     -e "s/^max_execution_time.*\$/max_execution_time = $PHP_MAX_EXECUTION_TIME/g" \
     -e "s/^session.save_handler.*\$/session.save_handler = $PHP_SESSION_SAVE_CACHE/g" \
     -e "s!^sendmail_path.*\$!sendmail_path = $PHP_SENDMAIL_PATH!g" \
-    /etc/php5/apache2/php.ini
+    /etc/php/7.0/apache2/php.ini
 
 if [ "$PHP_SESSION_SAVE_CACHE" == "memcached" ]; then
-    sed -i -e "s!^session.save_path.*\$!session.save_path = \"localhost:11211\"!g"  /etc/php5/apache2/php.ini
+    sed -i -e "s!^session.save_path.*\$!session.save_path = \"localhost:11211\"!g"  /etc/php/7.0/apache2/php.ini
 else 
-    sed -i -e "s!^session.save_path.*\$!session.save_path = \"/var/lib/php5\"!g" /etc/php5/apache2/php.ini
+    sed -i -e "s!^session.save_path.*\$!session.save_path = \"/var/lib/php\"!g" /etc/php/7.0/apache2/php.ini
 fi
diff --git a/docker-compose.yml.example b/docker-compose.yml.example
new file mode 100644
index 0000000..0ae1d01
--- /dev/null
+++ b/docker-compose.yml.example
@@ -0,0 +1,26 @@
+openatrium:
+  image: starchy/openatrium # not currently on dockerhub
+  links:
+    - mariadb
+  environment:
+    DB_NAME: openatrium
+    INSTALL_SITE: "false" # set to true for automatic install on first run only
+    MIGRATE_SITES_TO: /sites
+  volumes:
+    - ./sites:/sites
+    - ./ssmtp.conf:/etc/ssmtp/ssmtp.conf:ro
+  ports:
+    - "80:80"
+  restart: always
+
+mariadb:
+  image: mariadb:10.2
+  environment:
+    MYSQL_DATABASE: openatrium
+    MYSQL_USER: openatrium
+    MYSQL_PASSWORD: changeme
+    MYSQL_ROOT_PASSWORD: changemetoo
+  volumes:
+    - ./mysql:/var/lib/mysql
+  restart: always
+