diff --git a/services/rspamd/Dockerfile b/services/rspamd/Dockerfile
index 6f6967e8..d1e39011 100644
--- a/services/rspamd/Dockerfile
+++ b/services/rspamd/Dockerfile
@@ -1,9 +1,10 @@
 FROM alpine:edge
 
-RUN apk add --no-cache rspamd ca-certificates
+RUN apk add --no-cache python py-jinja2 rspamd rspamd-controller rspamd-proxy ca-certificates
 
 RUN mkdir /run/rspamd
 
-COPY conf/ /etc/rspamd
+COPY conf/ /conf
+COPY start.py /start.py
 
-CMD ["rspamd", "-i", "-f"]
+CMD /start.py
diff --git a/services/rspamd/conf/local.d/antivirus.conf b/services/rspamd/conf/antivirus.conf
similarity index 100%
rename from services/rspamd/conf/local.d/antivirus.conf
rename to services/rspamd/conf/antivirus.conf
diff --git a/services/rspamd/conf/local.d/dkim_signing.conf b/services/rspamd/conf/dkim_signing.conf
similarity index 100%
rename from services/rspamd/conf/local.d/dkim_signing.conf
rename to services/rspamd/conf/dkim_signing.conf
diff --git a/services/rspamd/conf/local.d/logging.inc b/services/rspamd/conf/logging.inc
similarity index 100%
rename from services/rspamd/conf/local.d/logging.inc
rename to services/rspamd/conf/logging.inc
diff --git a/services/rspamd/conf/local.d/milter_headers.conf b/services/rspamd/conf/milter_headers.conf
similarity index 100%
rename from services/rspamd/conf/local.d/milter_headers.conf
rename to services/rspamd/conf/milter_headers.conf
diff --git a/services/rspamd/conf/local.d/redis.conf b/services/rspamd/conf/redis.conf
similarity index 100%
rename from services/rspamd/conf/local.d/redis.conf
rename to services/rspamd/conf/redis.conf
diff --git a/services/rspamd/conf/worker-controller.conf b/services/rspamd/conf/worker-controller.conf
deleted file mode 100644
index 15b54bd7..00000000
--- a/services/rspamd/conf/worker-controller.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-worker {
-    bind_socket = "*:11334";
-    type = "controller";
-    count = 1;
-    password = "mailu";
-    secure_ip = "127.0.0.1";
-    secure_ip = "::1";
-    static_dir = "${WWWDIR}";
-    .include(try=true; priority=1) "$LOCAL_CONFDIR/local.d/worker-controller.inc"
-    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-controller.inc"
-}
diff --git a/services/rspamd/conf/worker-controller.inc b/services/rspamd/conf/worker-controller.inc
new file mode 100644
index 00000000..6a020672
--- /dev/null
+++ b/services/rspamd/conf/worker-controller.inc
@@ -0,0 +1,3 @@
+bind_socket = "*:11334";
+password = "mailu";
+secure_ip = "{{ FRONT_ADDRESS }}";
diff --git a/services/rspamd/conf/local.d/worker-normal.inc b/services/rspamd/conf/worker-normal.inc
similarity index 100%
rename from services/rspamd/conf/local.d/worker-normal.inc
rename to services/rspamd/conf/worker-normal.inc
diff --git a/services/rspamd/conf/worker-proxy.conf b/services/rspamd/conf/worker-proxy.conf
deleted file mode 100644
index 5d7b7e75..00000000
--- a/services/rspamd/conf/worker-proxy.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-worker "rspamd_proxy" {
-    bind_socket = "*:11332";
-    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-proxy.inc"
-    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-proxy.inc"
-}
diff --git a/services/rspamd/conf/local.d/worker-proxy.inc b/services/rspamd/conf/worker-proxy.inc
similarity index 64%
rename from services/rspamd/conf/local.d/worker-proxy.inc
rename to services/rspamd/conf/worker-proxy.inc
index 90f11bc5..a7dfe102 100644
--- a/services/rspamd/conf/local.d/worker-proxy.inc
+++ b/services/rspamd/conf/worker-proxy.inc
@@ -1,7 +1,4 @@
 bind_socket = "*:11332";
-type = "proxy";
-milter = yes;
-timeout = 120s;
 upstream "local" {
   default = yes;
   self_scan = yes;
diff --git a/services/rspamd/start.py b/services/rspamd/start.py
new file mode 100755
index 00000000..9d7d0cf0
--- /dev/null
+++ b/services/rspamd/start.py
@@ -0,0 +1,17 @@
+#!/usr/bin/python
+
+import jinja2
+import os
+import socket
+import glob
+
+convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
+
+# Actual startup script
+os.environ["FRONT_ADDRESS"] = socket.gethostbyname("front")
+
+for rspamd_file in glob.glob("/conf/*"):
+    convert(rspamd_file, os.path.join("/etc/rspamd/local.d", os.path.basename(rspamd_file)))
+
+# Run rspamd
+os.execv("/usr/sbin/rspamd", ["rspamd", "-i", "-f"])