diff --git a/config.py b/config.py
new file mode 100644
index 0000000..29cf1b3
--- /dev/null
+++ b/config.py
@@ -0,0 +1,35 @@
+"""Configuration file for LUMI2."""
+
+# The Flask secret key used cryptographic operations.
+# This should be a long (>32 characters), random alphanumeric string.
+SECRET_KEY = 'CHANGEME'
+# The hashed administrator password, which defaults to 'admin'.
+# Replace this with the hash of a STRONG password.
+ADMIN_PASSWORD = 'pbkdf2:sha256:260000$J9yKJOAvWfvaO9Op$f959d88402f67a5143808a00e35d17e636546f1caf5a85c1b6ab1165d1780448'
+
+# The hostname and port number where this LUMI2 instance can be reached.
+#SERVER_NAME = 'lumi2.example.com:80'
+
+# The title of pages as displayed in the browser.
+SITE_TITLE = 'LUMI 2'
+# Site metadata as displayed by search engines.
+SITE_AUTHOR = 'LUMI 2 Development Team'
+SITE_DESCRIPTION = 'A simple frontend for LDAP account management.'
+
+# URL or hostname of the LDAP server.
+# Currently, only unencrypted connections are supported.
+LDAP_HOSTNAME = 'ldap://openldap'
+# Credentials for an LDAP bind user with read- and write access to the server.
+LDAP_BIND_USER_DN = 'cn=admin,dc=example,dc=com'
+LDAP_BIND_USER_PASSWORD = 'admin'
+# Base DN of the LDAP server.
+LDAP_BASE_DN = 'dc=example,dc=com'
+
+# DN of the organizational unit beneath which users are located.
+LDAP_USERS_OU = 'ou=users,dc=example,dc=com'
+# DN of the organizational unit beneath which groups are located.
+LDAP_GROUPS_OU = 'ou=groups,dc=example,dc=com'
+
+# Maximum size in Bytes for incoming requests, both for improved security and
+# to limit the size of uploaded user profile pictures.
+MAX_CONTENT_LENGTH = 8_000_000
diff --git a/docker-compose.yml b/docker-compose.yml
index c8af98d..3c74e80 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,18 +9,22 @@ services:
     command: flask --app /app/lumi2 --debug run --host 0.0.0.0 --port 80
     volumes:
       - ./lumi2/__init__.py:/app/lumi2/__init__.py:ro
+      - ./lumi2/auth.py:/app/lumi2/auth.py:ro
+      - ./lumi2/default_configuration.py:/app/lumi2/default_configuration.py:ro
       - ./lumi2/exceptions.py:/app/lumi2/exceptions.py:ro
       - ./lumi2/ldap.py:/app/lumi2/ldap.py:ro
-      - ./lumi2/auth.py:/app/lumi2/auth.py:ro
-      - ./lumi2/usermodel.py:/app/lumi2/usermodel.py:ro
-      - ./lumi2/webapi.py:/app/lumi2/webapi.py:ro
-      - ./lumi2/usermanager.py:/app/lumi2/usermanager.py:ro
-      - ./lumi2/static/js:/app/lumi2/static/js:ro
       - ./lumi2/static/css:/app/lumi2/static/css:ro
       - ./lumi2/static/images/base:/app/lumi2/static/images/base:ro
       - ./lumi2/static/images/default:/app/lumi2/static/images/default:ro
+      - ./lumi2/static/js:/app/lumi2/static/js:ro
       - ./lumi2/templates/:/app/lumi2/templates/:ro
+      - ./lumi2/usermanager.py:/app/lumi2/usermanager.py:ro
+      - ./lumi2/usermodel.py:/app/lumi2/usermodel.py:ro
+      - ./lumi2/webapi.py:/app/lumi2/webapi.py:ro
       - ./tests/fakedata.py/:/app/tests/fakedata.py:ro
+      - ./config.py/:/app/config.py:ro
+    environment:
+      - LUMI_CONFIG=/app/config.py
     ports:
       - "8000:80"
     depends_on:
diff --git a/lumi2/__init__.py b/lumi2/__init__.py
index eef5011..4895651 100644
--- a/lumi2/__init__.py
+++ b/lumi2/__init__.py
@@ -13,28 +13,13 @@ def create_app(test_config=None):
     Creates and configures the flask app.
     """
 
+    from . import default_configuration
     app = Flask(__name__, instance_relative_config=True)
-    app.config.from_mapping(
-        SECRET_KEY='ChangeMeInProduction',
-        ADMIN_PASSWORD='pbkdf2:sha256:260000$J9yKJOAvWfvaO9Op$f959d88402f67a5143808a00e35d17e636546f1caf5a85c1b6ab1165d1780448',
-        SITE_URL='https://www.example.com/',
-        SITE_TITLE='LUMI 2',
-        SITE_AUTHOR='LUMI 2 Development Team',
-        SITE_DESCRIPTION='A simple frontend for LDAP account management.',
-        LDAP_HOSTNAME='ldap://openldap',
-        LDAP_BIND_USER_DN='cn=admin,dc=example,dc=com',
-        LDAP_BIND_USER_PASSWORD='admin',
-        LDAP_BASE_DN='dc=example,dc=com',
-        LDAP_USERS_OU='ou=users,dc=example,dc=com',
-        LDAP_GROUPS_OU='ou=groups,dc=example,dc=com',
-        LDAP_USER_OBJECT_CLASS='inetOrgPerson',
-        LDAP_GROUP_OBJECT_CLASS='groupOfUniqueNames',
-        MAX_CONTENT_LENGTH=8_000_000,
-    )
+    app.config.from_object(default_configuration)
 
     if test_config is None:
         # Load the instance config, if it exists, when not testing
-        app.config.from_pyfile('config.py', silent=True)
+        app.config.from_envvar('LUMI_CONFIG', silent=True)
     else:
         # Load the test config if passed in
         app.config.from_mapping(test_config)
diff --git a/lumi2/default_configuration.py b/lumi2/default_configuration.py
new file mode 100644
index 0000000..864d553
--- /dev/null
+++ b/lumi2/default_configuration.py
@@ -0,0 +1,22 @@
+"""Default configuration for lumi2.
+
+The values here should be overridden as necessary prior to deployment.
+"""
+
+SECRET_KEY = 'INSECURE'
+ADMIN_PASSWORD = 'pbkdf2:sha256:260000$J9yKJOAvWfvaO9Op$f959d88402f67a5143808a00e35d17e636546f1caf5a85c1b6ab1165d1780448'
+
+#SERVER_NAME = 'lumi2.example.com:80'
+
+SITE_TITLE = 'LUMI 2'
+SITE_AUTHOR = 'LUMI 2 Development Team'
+SITE_DESCRIPTION = 'A simple frontend for LDAP account management.'
+
+LDAP_HOSTNAME = 'ldap://ldap.example.com'
+LDAP_BIND_USER_DN = 'cn=admin,dc=example,dc=com'
+LDAP_BIND_USER_PASSWORD = 'secret'
+LDAP_BASE_DN = 'dc=example,dc=com'
+LDAP_USERS_OU = 'ou=users,dc=example,dc=com'
+LDAP_GROUPS_OU = 'ou=groups,dc=example,dc=com'
+
+MAX_CONTENT_LENGTH = 8_000_000
diff --git a/lumi2/ldap.py b/lumi2/ldap.py
index 820d21d..b0240db 100644
--- a/lumi2/ldap.py
+++ b/lumi2/ldap.py
@@ -377,8 +377,6 @@ def _assert_app_config_is_valid() -> None:
     - 'LDAP_BASE_DN'
     - 'LDAP_USERS_OU'
     - 'LDAP_GROUPS_OU'
-    - 'LDAP_USER_OBJECT_CLASS'
-    - 'LDAP_GROUP_OBJECT_CLASS'
 
     Returns
     -------
@@ -401,8 +399,6 @@ def _assert_app_config_is_valid() -> None:
         'LDAP_BASE_DN',
         'LDAP_USERS_OU',
         'LDAP_GROUPS_OU',
-        'LDAP_USER_OBJECT_CLASS',
-        'LDAP_GROUP_OBJECT_CLASS',
     ]
 
     for key in required_keys:
@@ -419,8 +415,6 @@ def _assert_app_config_is_valid() -> None:
     _assert_is_valid_bind_user_dn(current_app.config['LDAP_BIND_USER_DN'])
     for base in ['LDAP_USERS_OU', 'LDAP_GROUPS_OU']:
         _assert_is_valid_ou_dn(current_app.config[base])
-    _assert_is_valid_user_object_class(current_app.config['LDAP_USER_OBJECT_CLASS'])
-    _assert_is_valid_group_object_class(current_app.config['LDAP_GROUP_OBJECT_CLASS'])
 
 
 def get_connection() -> Connection:
diff --git a/lumi2/templates/base.html b/lumi2/templates/base.html
index f401c45..7c0d619 100644
--- a/lumi2/templates/base.html
+++ b/lumi2/templates/base.html
@@ -10,7 +10,7 @@
 
         <meta property="og:title" content="{{ config.SITE_TITLE }}">
         <meta property="og:type" content="website">
-        <meta property="og:url" content="{{ config.SITE_URL }}">
+        <meta property="og:url" content="{{ request.url }}">
         <meta property="og:description" content="{{ config.SITE_DESCRIPTION }}">
         <meta property="og:image" content="{{ url_for('static', filename='images/base/og.png') }}">