diff --git a/Dockerfile b/Dockerfile index 5864d1e..54eb48b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM php:7-fpm-alpine3.7 LABEL MAINTAINER diego@passbolt.com -ENV PASSBOLT_VERSION 1.6.5 +ENV PASSBOLT_VERSION 2.0.0-rc1 ENV PASSBOLT_URL https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz ARG PHP_EXTENSIONS="gd \ @@ -32,6 +32,7 @@ RUN apk add --no-cache $PHP_GNUPG_BUILD_DEPS \ libxslt-dev \ libmcrypt-dev \ supervisor \ + git \ && pecl install gnupg redis mcrypt-snapshot \ && docker-php-ext-install -j4 $PHP_EXTENSIONS \ && docker-php-ext-enable $PHP_EXTENSIONS gnupg redis mcrypt \ @@ -45,10 +46,11 @@ COPY src/passbolt_api/ /var/www/passbolt/ RUN cd /var/www/passbolt \ && composer global require hirak/prestissimo \ && composer install \ - && chown -R nginx:nginx /var/www/passbolt \ - && chmod -R o-w /var/www/passbolt \ - && chmod -R +w /var/www/passbolt/tmp \ - && chmod -R +w /var/www/passbolt/webroot/img/public + && chown -R www-data:www-data /var/www/passbolt \ + && chmod 775 $(find /var/www/passbolt/tmp -type f) \ + && chmod 664 $(find /var/www/passbolt/tmp -type d) \ + && chmod 775 $(find /var/www/passbolt/webroot/img/public -type f) \ + && chmod 664 $(find /var/www/passbolt/webroot/img/public -type d) COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf COPY conf/supervisord.conf /etc/supervisord.conf diff --git a/bin/docker-entrypoint.sh b/bin/docker-entrypoint.sh index 4a1556f..805e360 100755 --- a/bin/docker-entrypoint.sh +++ b/bin/docker-entrypoint.sh 
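Review bot: `git` is added to the package list next to `supervisor` rather than to `$PHP_GNUPG_BUILD_DEPS`, so as far as this hunk shows it stays in the final image. If it is only needed for `composer install` to fetch dependencies, it is a build-time tool and should not remain in the runtime image of a password manager. The `RUN` instruction starts and ends outside the hunk, so a later cleanup may already exist. Either way a comment such as `# git: needed by composer for source installs` would record why it is there.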
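Review bot: The modes in the four new `chmod` lines are swapped: regular files (`-type f`) get 775 and directories (`-type d`) get 664, which leaves the directories under `tmp` and `webroot/img/public` without the search bit and marks every file there executable. The unquoted `$(find …)` also splits on whitespace in file names and makes `chmod` fail with a missing operand when `find` returns nothing. Suggest `&& find /var/www/passbolt/tmp /var/www/passbolt/webroot/img/public -type d -exec chmod 775 {} + \` followed by `&& find /var/www/passbolt/tmp /var/www/passbolt/webroot/img/public -type f -exec chmod 664 {} +`. The commit also drops `chmod -R o-w /var/www/passbolt`, so whether the rest of the tree is world-writable now depends on the modes `COPY` brings in; please confirm that is intended.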
@@ -24,17 +24,17 @@ gpg_gen_key() { Name-Email: $key_email Expire-Date: $expiration %commit -EOF" -ls /bin/sh nginx +EOF" -ls /bin/sh www-data - su -m -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh nginx - su -m -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh nginx + su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh www-data + su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh www-data } gpg_import_key() { key_id="" - key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh nginx) - su -m -c "gpg --batch --import $gpg_public_key" -ls /bin/sh nginx - su -m -c "gpg -K $key_id" -ls /bin/sh nginx || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh nginx + key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh www-data) + su -c "gpg --batch --import $gpg_public_key" -ls /bin/sh www-data + su -c "gpg -K $key_id" -ls /bin/sh www-data || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh www-data } gen_ssl_cert() { @@ -53,8 +53,8 @@ install() { -p"$DATASOURCES_DEFAULT_PASSWORD" |wc -l) if [ "$tables" -eq 0 ]; then - su -c "cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php" -s /bin/sh nginx - su -m -c "PATH=$PATH:/usr/local/bin /var/www/passbolt/bin/cake passbolt install --no-admin --force" -s /bin/sh nginx + su -c "cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php" -s /bin/sh www-data + su -c "PATH=$PATH:/usr/local/bin /var/www/passbolt/bin/cake passbolt install --no-admin --force" -s /bin/sh www-data else echo "Enjoy! ☮" fi 
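Review bot: Two calls in gpg_import_key still pass `-m` (the `key_id=` lookup and the fallback `gpg --batch --import $gpg_private_key`), while every other call in this hunk drops it. With `-m` the caller's environment is kept, so those two gpg invocations may resolve a different home directory and keyring than the `gpg -K $key_id` check that runs without it; presumably all of them should use the same `su -c "…" -ls /bin/sh www-data` form. Separately, the exported secret key is written through a plain `>` redirect, so its mode depends on the umask in effect; a `chmod 600 "$gpg_private_key"` after the export (or `umask 077` before it) would make that explicit. gpg_gen_key starts above the hunk.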
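Review bot: The context line `-p"$DATASOURCES_DEFAULT_PASSWORD" |wc -l)` passes the database password as a command-line argument, where it is readable from the process list for as long as the command runs. The command itself starts above the hunk (presumably a mysql client call); if so, supplying the password through a `--defaults-extra-file` that only the invoking user can read keeps it out of argv. The body of install() also continues past the hunk.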
@@ -70,7 +70,7 @@ email_cron_job() { echo "* * * * * run-parts $cron_task_dir" >> $root_crontab echo "#!/bin/sh" > $cron_task chmod +x $cron_task - echo "su -c \"$process_email\" -s /bin/sh nginx" >> $cron_task + echo "su -c \"$process_email\" -s /bin/sh www-data" >> $cron_task } if [ -z "$DATASOURCES_DEFAULT_HOST" ] \ @@ -95,7 +95,7 @@ if [ ! -f $ssl_key ] && [ ! -L $ssl_key ] && \ gen_ssl_cert fi -gpg_auto_fingerprint=$(su -m -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh nginx) +gpg_auto_fingerprint=$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh www-data) export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint install email_cron_job diff --git a/spec/docker_image/image_spec.rb b/spec/docker_image/image_spec.rb index 387295d..97b4fd9 100644 --- a/spec/docker_image/image_spec.rb +++ b/spec/docker_image/image_spec.rb @@ -21,7 +21,7 @@ describe 'Dockerfile' do let(:passbolt_home) { '/var/www/passbolt' } let(:passbolt_tmp) { '/var/www/passbolt/tmp' } let(:passbolt_image) { '/var/www/passbolt/webroot/img/public' } - let(:passbolt_owner) { 'nginx' } + let(:passbolt_owner) { 'www-data' } let(:exposed_ports) { [ '80', '443' ] } let(:composer) { '/usr/local/bin/composer'} let(:php_extensions) { [ diff --git a/spec/docker_runtime/runtime_spec.rb b/spec/docker_runtime/runtime_spec.rb new file mode 100644 index 0000000..4021a4a --- /dev/null +++ b/spec/docker_runtime/runtime_spec.rb 
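Review bot: `gpg_auto_fingerprint` is exported without checking that the pipeline produced anything. The exit status of the substitution is that of `awk`, so a failing `gpg` or an unreadable `$gpg_public_key` yields an empty `PASSBOLT_GPG_SERVER_KEY_FINGERPRINT` and `install` still runs. A guard before the `export`, such as `[ -n "$gpg_auto_fingerprint" ] || { echo "could not read server key fingerprint" >&2; exit 1; }`, would stop the container early instead of starting it with an unset server key fingerprint.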
@@ -0,0 +1,82 @@ +require 'spec_helper' +require 'rspec/wait' + +describe 'passbolt_api service' do + + before(:all) do + @mysql = Docker::Container.create( + 'Env' => [ + 'MYSQL_ROOT_PASSWORD=test', + 'MYSQL_DATABASE=passbolt', + 'MYSQL_USER=passbolt', + 'MYSQL_PASSWORD=P4ssb0lt' + ], + "Healthcheck" => { + "Test": [ + "CMD-SHELL", + "mysqladmin ping --silent" + ] + }, + 'Image' => 'mysql') + @mysql.start + + while @mysql.json['State']['Health']['Status'] != 'healthy' + sleep 1 + end + + @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES) + @container = Docker::Container.create( + 'Env' => [ + "DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}", + 'DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt', + 'DATASOURCES_DEFAULT_USERNAME=passbolt', + 'DATASOURCES_DEFAULT_DATABASE=passbolt', + #'DATASOURCES_DEFAULT_PORT=3306', + #'PASSBOLT_GPG_KEYRING=/var/lib/nginx/.gnupg', + #'PASSBOLT_GPG_SERVER_KEY_PUBLIC=/var/www/passbolt/config/gpg/serverkey.asc', + #'PASSBOLT_GPG_SERVER_KEY_PRIVATE=/var/www/passbolt/config/gpg/serverkey_private.asc' + ], + 'Image' => @image.id) + @container.start + @container.logs(stdout: true) + + set :docker_container, @container.id + sleep 17 + end + + after(:all) do + @mysql.kill + @container.kill + end + + describe 'php service' do + it 'is running supervised' do + expect(process('php-fpm')).to be_running.under('supervisor') + end + + it 'has its port open' do + expect(port(9000)).to be_listening.with('tcp') + end + end + + describe 'email cron' do + it 'is running supervised' do + expect(service('crond')).to be_running.under('supervisor') + end + end + + describe 'web service' do + it 'is running supervised' do + expect(service('nginx')).to be_running.under('supervisor') + end + + it 'is listening on port 80' do + expect(port(80)).to be_listening.with('tcp') + end + + it 'is listening on port 443' do + expect(port(443)).to be_listening.with('tcp') + end + end + +end
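Review bot: The wait loop `while @mysql.json['State']['Health']['Status'] != 'healthy'` has no upper bound, so a MySQL container that never becomes healthy hangs the suite; `Timeout.timeout(120) { sleep 1 until @mysql.json['State']['Health']['Status'] == 'healthy' }` (with `require 'timeout'`) bounds it. `'Image' => 'mysql'` is unpinned, so the test database changes whenever the default tag moves; pin it, e.g. `'Image' => 'mysql:<pinned-tag>'`. The fixed `sleep 17` could be replaced by polling, which is presumably what the otherwise unused `require 'rspec/wait'` was meant for. `after(:all)` only kills the containers; `@mysql.delete(force: true)` and `@container.delete(force: true)` would also remove them, and the hook should tolerate `@container` being nil when `before(:all)` fails part-way.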