diff --git a/Dockerfile b/Dockerfile
index a0fd4a57..bbb32035 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,12 +3,15 @@
 #
 # Author: Mendix Digital Ecosystems, digitalecosystems@mendix.com
 # Version: 2.1.0
+
+# Build stage 
+# (cut) no $ and dynamic setting - hardcode 
+FROM mendix/rootfs:bionic AS builder
+
+# (cut) moved down for ocp3 (have builder FROM clause first)
 ARG ROOTFS_IMAGE=mendix/rootfs:ubi8
 ARG BUILDER_ROOTFS_IMAGE=mendix/rootfs:bionic
 
-# Build stage
-FROM ${BUILDER_ROOTFS_IMAGE} AS builder
-
 # Build-time variables
 ARG BUILD_PATH=project
 ARG DD_API_KEY
@@ -76,7 +79,8 @@ RUN mkdir -p /tmp/buildcache /var/mendix/build /var/mendix/build/.local &&\
     chown -R ${USER_UID}:0 /opt/mendix /var/mendix &&\
     chmod -R g=u /opt/mendix /var/mendix
 
-FROM ${ROOTFS_IMAGE}
+# (cut) no $ and dynamic setting - hardcode (same as above)
+FROM mendix/rootfs:ubi8
 LABEL Author="Mendix Digital Ecosystems"
 LABEL maintainer="digitalecosystems@mendix.com"
 
@@ -113,11 +117,28 @@ RUN mkdir -p /home/vcap /opt/datadog-agent/run &&\
 # 1. Make the startup script executable
 # 2. Update ownership of /opt/mendix so that the app can run as a non-root user
 # 3. Update permissions of /opt/mendix so that the app can run as a non-root user
-# 4. Ensure that running Java 8 as root will still be able to load offline licenses
+# 4. (cut) Update ownership of /etc/nginx so that the app can run as a non-root user
+# 5. (cut) Update permissions of /etc/nginx so that the app can run as a non-root user
+# 6. Ensure that running Java 8 as root will still be able to load offline licenses
 RUN chmod +rx /opt/mendix/build/startup &&\
     chown -R ${USER_UID}:0 /opt/mendix &&\
-    chmod -R g=u /opt/mendix &&\
+    chmod -R 777 /opt/mendix &&\
     ln -s /opt/mendix/.java /root
+#  chown -R ${USER_UID}:0 /etc/nginx &&\
+#  chmod -R 777 /etc/nginx &&\
+    
+# NGINX allow non-root user to write the pid file
+# RUN chown -R ${USER_UID}:0 /run/nginx.pid && chmod -R 777 /run/nginx.pid
+
+# NGINX remove user forcing (user nginx)
+# RUN sed -i.bak 's/^user/#user/' /etc/nginx/nginx.conf
+
+# NGINX fix listening - for non root port has to be > 1024 - makes it consistent with EXPOSE below
+# (cut) needs DC variable called PORT ..
+# RUN sed -i.bak 's/80/8080/' /etc/nginx/nginx.conf
+
+# (cut) temp to diagnose nginx issues
+RUN yum -y install net-tools
 
 USER ${USER_UID}