diff --git a/Dockerfile b/Dockerfile
index aca9a57..ef3331a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@
 # HAProxy image with certbot for certificate generation and renewal
 #
 # -----------------------------------------------------------------------------------------------
-FROM haproxy:2.7.0-alpine
+FROM haproxy:2.7.6-alpine
 MAINTAINER support@openremote.io
 USER root
@@ -59,7 +59,7 @@ ADD cli.ini /root/.config/letsencrypt/
 ADD entrypoint.sh /
 RUN chmod +x /entrypoint.sh
-HEALTHCHECK --interval=3s --timeout=3s --start-period=2s --retries=30 CMD curl --fail --silent http://127.0.0.1:80 || exit 1
+HEALTHCHECK --interval=60s --timeout=3s --start-period=5s --retries=2 CMD curl --fail --silent http://127.0.0.1/docker-health || exit 1
 RUN chown -R haproxy:haproxy /etc/haproxy
diff --git a/entrypoint.sh b/entrypoint.sh
index 4069b34..ef31124 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -102,13 +102,10 @@ monitor() {
 log_info "Monitoring config file '$HAPROXY_CONFIG' and certs in '$CERT_DIR' for changes..."
 # Wait if config or certificates were changed, block this execution
- inotifywait -q -r --exclude '\.git/' -e modify,create,delete,move,move_self "$HAPROXY_CONFIG" "$CERT_DIR" |
- while read events; do
- log_info "Change detected..."
- sleep 5
- restart
- done
- monitor
+ inotifywait -q -r --exclude '\.git/' -e modify,create,delete,move,move_self "$HAPROXY_CONFIG" "$CERT_DIR"
+ log_info "Change detected..." &&
+ sleep 5 &&
+ restart
 done
 }
diff --git a/haproxy.cfg b/haproxy.cfg
index 3fda4ed..1d573e4 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -30,6 +30,14 @@ defaults
 resolvers docker_resolver
 nameserver dns 127.0.0.11:53
+
+frontend stats
+ bind *:8404
+ http-request use-service prometheus-exporter if { path /metrics }
+ stats enable
+ stats uri /stats
+ stats refresh 10s
+
 frontend http
 bind *:80
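Review bot: In the new `HEALTHCHECK` instruction of the Dockerfile, `--interval=60s` also delays the first probe, because Docker runs the first check one interval after the container starts; the container therefore stays in `starting` for about a minute and `--start-period=5s` has little practical effect. With `--retries=2`, a proxy that stops answering is reported unhealthy only after roughly two minutes. If anything waits on the healthy state, consider adding `--start-interval=2s` with a longer `--start-period` (this needs Docker Engine 25.0 or later), or add a comment above the instruction stating the detection time that is intended.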
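Review bot: In the rewritten `monitor()` body of entrypoint.sh, the exit status of `inotifywait` is never checked, so `log_info "Change detected..."`, `sleep 5` and `restart` run even when it fails (for example when a watched path is missing or the inotify watch limit is reached), unless the script runs under `set -e`, which this hunk does not show. The enclosing loop opens outside the hunk (only its `done` is visible); if it is unconditional, a failing `inotifywait` would restart HAProxy every five seconds. Append a guard to the `inotifywait` line, e.g. `|| { log_info "inotifywait failed, skipping restart"; sleep 5; continue; }`, after which the `&&` chain on the next three lines can become plain statements.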
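Review bot: The new `frontend stats` in haproxy.cfg binds `*:8404` and serves `/stats` and `/metrics` with no authentication or source restriction, so any client that can reach the port can read backend names, server addresses and traffic counters. Whether the port is published is not visible in this diff, but the listener should not depend on that alone. Add `http-request deny unless { src 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 }` as the first rule of the frontend (adjusted to the network the scraper lives on), and consider `stats hide-version`. Note that `stats auth <USER>:<PASSWORD>` would protect only the stats page, not the Prometheus exporter.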
@@ -37,6 +45,11 @@ frontend http
 acl url_acme_http01 path_beg /.well-known/acme-challenge/
 http-request use-service lua.acme-http01 if METH_GET url_acme_http01
+ # Static health endpoint for docker healthcheck (don't log it)
+ acl url_docker_health path /docker-health
+ http-request set-log-level silent if url_docker_health
+ http-request return status 200 if url_docker_health
+
 # Optional: redirects for root requests with certain host names to service paths
 acl is_root path -i /
 acl is_redirect_1 hdr(host) -i "${PROXY_HOST_REDIRECT_1_NAME}"
@@ -61,7 +74,7 @@ frontend http
 redirect code 302 location "https://${DOMAINNAME}${PROXY_HOST_REDIRECT_10_TARGET}" if is_root is_redirect_10
 # Redirect all http requests to https
- redirect scheme https if !url_acme_http01
+ redirect scheme https if !url_acme_http01 !url_docker_health
 frontend https
 bind *:443 ssl crt /etc/haproxy/certs crt "${CERT_DIR}" no-tls-tickets
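Review bot: The `url_docker_health` rules added to `frontend http` (hunk `-37,6 +45,11`) match on the path alone, so any remote client requesting `/docker-health` on port 80 gets a 200 and, because of `set-log-level silent`, leaves no log entry; that is a logging blind spot on a public listener. The Dockerfile probe comes from `127.0.0.1`, so the suppression can be scoped to loopback: `http-request set-log-level silent if url_docker_health { src 127.0.0.0/8 }`. If the endpoint should not answer external clients at all, add the same `src` condition to the `http-request return` rule and to the `!url_docker_health` exception in the `redirect scheme https` hunk.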