diff --git a/README.md b/README.md
index 6324ad4..93a81a5 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,6 @@ FRESHRSS_BASE_URL="http://localhost/"
 FRESHRSS_LANGUAGE="en"
 FRESHRSS_TITLE="FreshRSS"
 FRESHRSS_META_DESCRIPTION=
-FRESHRSS_DEFAULT_USER="_"
 FRESHRSS_ALLOW_ANONYMOUS="false"
 FRESHRSS_ALLOW_ANONYMOUS_REFRESH="false"
 FRESHRSS_AUTH_TYPE="form"
@@ -80,6 +79,8 @@ FRESHRSS_DB_BASE=
 FRESHRSS_DB_PREFIX="freshrss_"
 ## comma-seperated string, extensions must be installed!
 FRESHRSS_EXTENSIONS_ENABLED="Tumblr-GDPR"
+## comma-seperated string
+FRESHRSS_TRUSTED_SOURCES=127.0.0.0/8,::1/128
 ```
 
 ### PHP
diff --git a/overlay/etc/templates/config.php.tmpl b/overlay/etc/templates/config.php.tmpl
index 08ec5b3..80c7b9b 100644
--- a/overlay/etc/templates/config.php.tmpl
+++ b/overlay/etc/templates/config.php.tmpl
@@ -7,7 +7,7 @@ return array(
     'language' => '{{ getenv "FRESHRSS_LANGUAGE" "en" }}',
     'title' => '{{ getenv "FRESHRSS_TITLE" "FreshRSS" }}',
     'meta_description' => '{{ getenv "FRESHRSS_META_DESCRIPTION" }}',
-    'default_user' => '{{ getenv "FRESHRSS_DEFAULT_USER" "_" }}',
+    'default_user' => '{{ getenv "FRESHRSS_DEFAULT_USER" "admin" }}',
     'allow_anonymous' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS" "false" }},
     'allow_anonymous_refresh' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS_REFRESH" "false" }},
     'auth_type' => '{{ getenv "FRESHRSS_AUTH_TYPE" "form" }}',
@@ -71,4 +71,10 @@ return array(
     ),
 
     'disable_update' => true,
+
+    'trusted_sources' => [
+        {{- range (getenv "FRESHRSS_TRUSTED_SOURCES" "127.0.0.0/8,::1/128" | strings.Split ",") }}
+        '{{ . | strings.TrimSpace }}',
+        {{- end }}
+    ]
 );
diff --git a/overlay/usr/local/bin/entrypoint b/overlay/usr/local/bin/entrypoint
index 3c314f1..c702292 100755
--- a/overlay/usr/local/bin/entrypoint
+++ b/overlay/usr/local/bin/entrypoint
@@ -4,7 +4,6 @@
 . /usr/local/lib/log.sh
 
 /usr/local/bin/gomplate -o /etc/php8/php.ini -f /etc/templates/php.ini.tmpl
-/usr/local/bin/gomplate -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl
 /usr/local/bin/gomplate -o /var/www/app/constants.local.php -f /etc/templates/constants.local.php.tmpl
 
 if [ -n "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" ] && [ ! -f "/var/www/.postgresql/root.crt" ]; then
@@ -35,26 +34,26 @@ else
     exit $EXITCODE
 fi
 
-if [ "${FRESHRSS_DEFAULT_USER}" ]; then
-    log_info "Ensure default user exists"
-    ERROR=$(/usr/bin/php ./cli/create-user.php \
-        --user "$FRESHRSS_DEFAULT_USER" \
-        --password "$FRESHRSS_DEFAULT_PASSWORD" \
-        --language "${FRESHRSS_LANGUAGE:-en}" \
-        2>&1)
-    EXITCODE=$?
+log_info "Ensure default user exists"
+ERROR=$(/usr/bin/php ./cli/create-user.php \
+    --user "${FRESHRSS_DEFAULT_USER:-admin}" \
+    --password "${FRESHRSS_DEFAULT_PASSWORD:-freshrss}" \
+    --language "${FRESHRSS_LANGUAGE:-en}" \
+    2>&1)
+EXITCODE=$?
 
-    if [ $EXITCODE -eq 3 ]; then
-        log_info "FreshRSS user already exists, skipped"
-    elif [ $EXITCODE -eq 0 ]; then
-        log_info "FreshRSS user successfully created"
-        ./cli/list-users.php | xargs -n1 ./cli/actualize-user.php --user "$FRESHRSS_DEFAULT_USER"
-    else
-        log_error "FreshRSS error during the creation of a user: ${ERROR}"
-        exit $EXITCODE
-    fi
+if [ $EXITCODE -eq 3 ]; then
+    log_info "FreshRSS user already exists, skipped"
+elif [ $EXITCODE -eq 0 ]; then
+    log_info "FreshRSS user successfully created"
+    ./cli/list-users.php | xargs -n1 ./cli/actualize-user.php --user "${FRESHRSS_DEFAULT_USER:-admin}"
+else
+    log_error "FreshRSS error during the creation of a user: ${ERROR}"
+    exit $EXITCODE
 fi
 
+/usr/local/bin/gomplate -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl
+
 log_info "Start FreshRSS Server\n"
 supercronic /etc/crontabs/nginx &
 php-fpm8 -F &