diff --git a/data/Dockerfiles/bootstrap/modules/BootstrapNginx.py b/data/Dockerfiles/bootstrap/modules/BootstrapNginx.py
index 2727efb37..2099a3de1 100644
--- a/data/Dockerfiles/bootstrap/modules/BootstrapNginx.py
+++ b/data/Dockerfiles/bootstrap/modules/BootstrapNginx.py
@@ -10,7 +10,7 @@ class BootstrapNginx(BootstrapBase):
     # wait for Hosts
     php_service = os.getenv("PHPFPMHOST") or "php-fpm-mailcow"
     rspamd_service = os.getenv("RSPAMDHOST") or "rspamd-mailcow"
-    sogo_service = os.getenv("SOGOHOST") or os.getenv("IPV4_NETWORK", "172.22.1") + ".248"
+    sogo_service = os.getenv("SOGOHOST")
     self.wait_for_host(php_service)
     if not self.isYes(os.getenv("SKIP_RSPAMD", False)):
       self.wait_for_host(rspamd_service)
diff --git a/data/Dockerfiles/bootstrap/modules/BootstrapSogo.py b/data/Dockerfiles/bootstrap/modules/BootstrapSogo.py
index 6d24e48b7..1a15fc6e0 100644
--- a/data/Dockerfiles/bootstrap/modules/BootstrapSogo.py
+++ b/data/Dockerfiles/bootstrap/modules/BootstrapSogo.py
@@ -17,7 +17,7 @@ class BootstrapSogo(BootstrapBase):
     self.connect_mysql()
 
     # Wait until port is free
-    while self.is_port_open("sogo-mailcow", 20000):
+    while self.is_port_open(os.getenv("SOGO_HOST"), 20000):
       print("Port 20000 still in use — terminating sogod...")
       self.kill_proc("sogod")
       time.sleep(3)
diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile
index a55a97a4c..ed7e8fd6e 100644
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@@ -34,7 +34,7 @@ RUN apk add --update \
   && curl https://raw.githubusercontent.com/mludvig/smtp-cli/v3.10/smtp-cli -o /smtp-cli \
   && chmod +x smtp-cli
 
-COPY watchdog.sh /watchdog.sh
-COPY check_mysql_slavestatus.sh /usr/lib/nagios/plugins/check_mysql_slavestatus.sh
+COPY data/Dockerfiles/watchdog/watchdog.sh /watchdog.sh
+COPY data/Dockerfiles/watchdog/check_mysql_slavestatus.sh /usr/lib/nagios/plugins/check_mysql_slavestatus.sh
 
 CMD ["/watchdog.sh"]
diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index d1c659ce8..16e99b41f 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -402,7 +402,7 @@ sogo_checks() {
   trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
   while [ ${err_count} -lt ${THRESHOLD} ]; do
     touch /tmp/sogo-mailcow; echo "$(tail -50 /tmp/sogo-mailcow)" > /tmp/sogo-mailcow
-    host_ip=$(get_container_ip sogo-mailcow)
+    host_ip=$SOGO_HOST
     err_c_cur=${err_count}
     /usr/lib/nagios/plugins/check_http -4 -H ${host_ip} -u /SOGo.index/ -p 20000 2>> /tmp/sogo-mailcow 1>&2; err_count=$(( ${err_count} + $? ))
     [ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index c625522ba..605555a7b 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -67,7 +67,7 @@ require_once 'functions.ratelimit.inc.php';
 require_once 'functions.acl.inc.php';
 
 
-$isSOGoRequest = $post['real_rip'] == getenv('IPV4_NETWORK') . '.248';
+$isSOGoRequest = $post['real_rip'] == getenv('SOGO_HOST');
 $result = false;
 if ($isSOGoRequest) {
   // This is a SOGo Auth request. First check for SSO password.
diff --git a/data/conf/dovecot/config_templates/sogo_trusted_ip.conf.j2 b/data/conf/dovecot/config_templates/sogo_trusted_ip.conf.j2
index 9a7d4457d..c76d0c0fc 100644
--- a/data/conf/dovecot/config_templates/sogo_trusted_ip.conf.j2
+++ b/data/conf/dovecot/config_templates/sogo_trusted_ip.conf.j2
@@ -1,3 +1,3 @@
-remote {{ IPV4_NETWORK }}.248 {
+remote {{ SOGO_HOST }} {
   disable_plaintext_auth = no
 }
diff --git a/data/conf/sogo/config_templates/sogo.conf.j2 b/data/conf/sogo/config_templates/sogo.conf.j2
index 2c8d80a12..1a846d11a 100644
--- a/data/conf/sogo/config_templates/sogo.conf.j2
+++ b/data/conf/sogo/config_templates/sogo.conf.j2
@@ -43,7 +43,7 @@
 
     // self-signed is not trusted anymore
     WOPort = "0.0.0.0:20000";
-    SOGoMemcachedHost = "memcached";
+    SOGoMemcachedHost = "{{ MEMCACHED_HOST }}";
 
     SOGoLanguage = English;
     SOGoMailAuxiliaryUserAccountsEnabled = YES;
diff --git a/data/conf/sogo/config_templates/sogod.plist.j2 b/data/conf/sogo/config_templates/sogod.plist.j2
index 458ae943f..5a483b632 100644
--- a/data/conf/sogo/config_templates/sogod.plist.j2
+++ b/data/conf/sogo/config_templates/sogod.plist.j2
@@ -3,31 +3,31 @@
 <plist version="0.9">
 <dict>
     <key>OCSAclURL</key>
-    <string>mysql://{{DBUSER}}:{{DBPASS}}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/{{DBNAME}}/sogo_acl</string>
+    <string>mysql://{{ DBUSER }}:{{ DBPASS }}@{{ DB_HOST }}/{{ DBNAME }}/sogo_acl</string>
     <key>SOGoIMAPServer</key>
-    <string>imap://{{IPV4_NETWORK}}.250:143/?TLS=YES&amp;tlsVerifyMode=none</string>
+    <string>imap://{{ DOVECOT_HOST }}:143/?TLS=YES&amp;tlsVerifyMode=none</string>
     <key>SOGoSieveServer</key>
-    <string>sieve://{{IPV4_NETWORK}}.250:4190/?TLS=YES&amp;tlsVerifyMode=none</string>
+    <string>sieve://{{ DOVECOT_HOST}}:4190/?TLS=YES&amp;tlsVerifyMode=none</string>
     <key>SOGoSMTPServer</key>
-    <string>smtp://{{IPV4_NETWORK}}.253:588/?TLS=YES&amp;tlsVerifyMode=none</string>
+    <string>smtp://{{ POSTFIX_HOST }}:588/?TLS=YES&amp;tlsVerifyMode=none</string>
     <key>SOGoTrustProxyAuthentication</key>
     <string>YES</string>
     <key>SOGoEncryptionKey</key>
     <string>{{RAND_PASS}}</string>
     <key>OCSAdminURL</key>
-    <string>mysql://{{DBUSER}}:{{DBPASS}}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/{{DBNAME}}/sogo_admin</string>
+    <string>mysql://{{ DBUSER }}:{{ DBPASS }}@{{ DB_HOST }}/{{ DBNAME }}/sogo_admin</string>
     <key>OCSCacheFolderURL</key>
-    <string>mysql://{{DBUSER}}:{{DBPASS}}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/{{DBNAME}}/sogo_cache_folder</string>
+    <string>mysql://{{ DBUSER }}:{{ DBPASS }}@{{ DB_HOST }}/{{ DBNAME }}/sogo_cache_folder</string>
     <key>OCSEMailAlarmsFolderURL</key>
-    <string>mysql://{{DBUSER}}:{{DBPASS}}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/{{DBNAME}}/sogo_alarms_folder</string>
+    <string>mysql://{{ DBUSER }}:{{ DBPASS }}@{{ DB_HOST }}/{{ DBNAME }}/sogo_alarms_folder</string>
     <key>OCSFolderInfoURL</key>
-    <string>mysql://{{DBUSER}}:{{DBPASS}}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/{{DBNAME}}/sogo_folder_info</string>
+    <string>mysql://{{ DBUSER }}:{{ DBPASS }}@{{ DB_HOST }}/{{ DBNAME }}/sogo_folder_info</string>
     <key>OCSSessionsFolderURL</key>
-    <string>mysql://{{DBUSER}}:{{DBPASS}}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/{{DBNAME}}/sogo_sessions_folder</string>
+    <string>mysql://{{ DBUSER }}:{{ DBPASS }}@{{ DB_HOST }}/{{ DBNAME }}/sogo_sessions_folder</string>
     <key>OCSStoreURL</key>
-    <string>mysql://{{DBUSER}}:{{DBPASS}}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/{{DBNAME}}/sogo_store</string>
+    <string>mysql://{{ DBUSER }}:{{ DBPASS }}@{{ DB_HOST }}/{{ DBNAME }}/sogo_store</string>
     <key>SOGoProfileURL</key>
-    <string>mysql://{{DBUSER}}:{{DBPASS}}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/{{DBNAME}}/sogo_user_profile</string>
+    <string>mysql://{{ DBUSER }}:{{ DBPASS }}@{{ DB_HOST }}/{{ DBNAME }}/sogo_user_profile</string>
     <key>SOGoTimeZone</key>
     <string>{{TZ}}</string>
     <key>domains</key>
@@ -69,7 +69,7 @@
           <key>prependPasswordScheme</key>
           <string>YES</string>
           <key>viewURL</key>
-          <string>mysql://{{ DBUSER }}:{{ DBPASS }}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/{{ DBNAME }}/_sogo_static_view</string>
+          <string>mysql://{{ DBUSER }}:{{ DBPASS }}@{{ DB_HOST }}/{{ DBNAME }}/_sogo_static_view</string>
         </dict>
         {% if IAM_SETTINGS.authsource == "ldap" and domain.ldap_gal %}
         <dict>
diff --git a/docker-compose.yml b/docker-compose.yml
index a3ee85df5..b9bdb6306 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -198,6 +198,7 @@ services:
         - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
         - CLUSTERMODE=${CLUSTERMODE:-}
         - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
+        - SOGO_HOST=${SOGO_HOST:-172.22.1.248}
       restart: always
       labels:
         ofelia.enabled: "true"
@@ -232,6 +233,11 @@ services:
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
         - REDISPASS=${REDISPASS}
+        - DB_HOST=${DB_HOST:-%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock}
+        - SOGO_HOST=${SOGO_HOST:-172.22.1.248}
+        - DOVECOT_HOST=${DOVECOT_HOST:-172.22.1.250}
+        - POSTFIX_HOST=${POSTFIX_HOST:-172.22.1.253}
+        - MEMCACHED_HOST=${MEMCACHED_HOST:-172.22.1.247}
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       volumes:
@@ -317,6 +323,7 @@ services:
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
         - REDISPASS=${REDISPASS}
         - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
+        - SOGO_HOST=${SOGO_HOST:-172.22.1.248}
       ports:
         - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
         - "${IMAP_PORT:-143}:143"
@@ -407,6 +414,7 @@ services:
         - TZ=${TZ}
       networks:
         mailcow-network:
+          ipv4_address: ${IPV4_NETWORK:-172.22.1}.247
           aliases:
             - memcached
 
@@ -526,7 +534,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: ghcr.io/mailcow/watchdog:2.08
+      image: ghcr.io/mailcow/watchdog:nightly-19052025
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -593,6 +601,7 @@ services:
         - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
         - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
         - MAILQ_CRIT=${MAILQ_CRIT:-30}
+        - SOGO_HOST=${SOGO_HOST:-172.22.1.248}
       networks:
         mailcow-network:
           aliases: