diff --git a/.github/workflows/main-tag.yml b/.github/workflows/main-tag.yml index e37f716..5265c67 100644 --- a/.github/workflows/main-tag.yml +++ b/.github/workflows/main-tag.yml @@ -15,7 +15,7 @@ jobs: - name: Get latest tag id: vars - run: echo ::set-output name=tag::${GITHUB_REF:10} + run: echo "tag=${GITHUB_REF:10}" >> ${GITHUB_OUTPUT} - name: Checkout uses: actions/checkout@v2 @@ -26,17 +26,17 @@ jobs: id: prep run: | BUILD_DATE=$(date --rfc-3339=seconds --utc) - echo ::set-output name=build_date::${BUILD_DATE} + echo "build_date=${BUILD_DATE}" >> ${GITHUB_OUTPUT} PLATFORMS=amd64,arm,arm64 TAGS1="quay.io/${{ github.repository_owner }}/tor:${{ steps.vars.outputs.tag }}" if [ "${{github.event_name}}" == "pull_request" ]; then - echo ::set-output name=push::false + echo "push=false" >> ${GITHUB_OUTPUT} else - echo ::set-output name=push::true - echo ::set-output name=tags1::${TAGS1} - echo ::set-output name=branch::${GIT_BRANCH} + echo "push=true" >> ${GITHUB_OUTPUT} + echo "tags1=${TAGS1}" >> ${GITHUB_OUTPUT} + echo "branch=${GIT_BRANCH}" >> ${GITHUB_OUTPUT} fi - echo ::set-output name=platforms::${PLATFORMS} + echo "platforms=${PLATFORMS}" >> ${GITHUB_OUTPUT} - name: Set up QEMU uses: docker/setup-qemu-action@v1 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4881232..61af18b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,7 +16,7 @@ jobs: - name: Set latest tag id: vars - run: echo ::set-output name=tag::latest + run: echo "tag=latest" >> ${GITHUB_OUTPUT} - name: Checkout uses: actions/checkout@v2 
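Review bot: The redirect target in `run: echo "tag=${GITHUB_REF:10}" >> ${GITHUB_OUTPUT}` is unquoted, so the write breaks if the runner's output path ever contains whitespace or glob characters; quote it as `>> "$GITHUB_OUTPUT"`. The same applies to every `>> ${GITHUB_OUTPUT}` line added in the `prep` steps of this file and in both hunks of `main.yml`. The fixed offset `:10` also depends silently on the ref starting with `refs/tags/`. `echo "tag=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"` expresses the same thing without the magic number, assuming this workflow only runs on tag pushes (the trigger is outside the hunk).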
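Review bot: `TAGS1="quay.io/${{ github.repository_owner }}/tor:${{ steps.vars.outputs.tag }}"` still expands the tag into the script text before the shell runs, and in this workflow the tag comes from the pushed ref name, which may legally contain `$`, backticks and quotes. Switching the outputs to `$GITHUB_OUTPUT` does not change that, so an unusual tag name would be interpreted by the shell in a job that, judging by the `push` output, goes on to publish an image. Pass the value through the step's environment instead: add `env:` with `TAG: ${{ steps.vars.outputs.tag }}` and build the string as `TAGS1="quay.io/${GITHUB_REPOSITORY_OWNER}/tor:${TAG}"`. The step's header lines are outside the hunk, so whether an `env:` block already exists cannot be seen here.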
@@ -27,17 +27,17 @@ jobs: id: prep run: | BUILD_DATE=$(date --rfc-3339=seconds --utc) - echo ::set-output name=build_date::${BUILD_DATE} + echo "build_date=${BUILD_DATE}" >> ${GITHUB_OUTPUT} PLATFORMS=amd64,arm,arm64 TAGS1="quay.io/${{ github.repository_owner }}/tor:${{ steps.vars.outputs.tag }}" if [ "${{github.event_name}}" == "pull_request" ]; then - echo ::set-output name=push::false + echo "push=false" >> ${GITHUB_OUTPUT} else - echo ::set-output name=push::true - echo ::set-output name=tags1::${TAGS1} - echo ::set-output name=branch::${GIT_BRANCH} + echo "push=true" >> ${GITHUB_OUTPUT} + echo "tags1=${TAGS1}" >> ${GITHUB_OUTPUT} + echo "branch=${GIT_BRANCH}" >> ${GITHUB_OUTPUT} fi - echo ::set-output name=platforms::${PLATFORMS} + echo "platforms=${PLATFORMS}" >> ${GITHUB_OUTPUT} - name: Set up QEMU uses: docker/setup-qemu-action@v1 diff --git a/Dockerfile b/Dockerfile index 58c863a..3062a57 100644 --- a/Dockerfile +++ b/Dockerfile 
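Review bot: `echo "branch=${GIT_BRANCH}" >> ${GITHUB_OUTPUT}` writes a variable that is never assigned in the visible script, so the `branch` output is presumably always empty unless `GIT_BRANCH` is supplied by an `env:` block outside the hunk. If a branch name is wanted, `echo "branch=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"` uses the value the runner already provides; otherwise the line can be dropped. The `prep` step in `main-tag.yml` carries the same line.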
@@ -1,58 +1,60 @@ ARG ALPINE_VERSION="3.18.4" # Tor builder -FROM --platform=$TARGETPLATFORM docker.io/library/alpine:$ALPINE_VERSION as tor-builder +FROM --platform=$TARGETPLATFORM docker.io/library/alpine:${ALPINE_VERSION} as tor-builder -ARG TOR_VERSION="0.4.8.7" +ARG TOR_VERSION="0.4.8.8" RUN apk add --update --no-cache \ git build-base automake autoconf make \ build-base openssl-dev libevent-dev zlib-dev \ xz-dev zstd-dev # Install Tor from source -RUN git clone https://gitlab.torproject.org/tpo/core/tor.git --depth 1 --branch tor-$TOR_VERSION /tor WORKDIR /tor -RUN ./autogen.sh +RUN git clone https://gitlab.torproject.org/tpo/core/tor.git --depth 1 --branch tor-"${TOR_VERSION}" /tor && \ + ./autogen.sh # Notes: # - --enable-gpl is required to compile PoW anti-DoS: https://community.torproject.org/onion-services/advanced/dos/ +# --enable-static-tor RUN ./configure \ --disable-asciidoc \ --disable-manpage \ --disable-html-manual \ - --enable-gpl - # --enable-static-tor -RUN make -RUN make install + --enable-gpl && \ + make && \ + make install # Build the obfs4 binary (cross-compiling) FROM --platform=$BUILDPLATFORM golang:1.20-alpine as obfs-builder ARG OBFS_VERSION="obfs4proxy-0.0.14-tor2" -RUN apk add --update --no-cache git -RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs4.git --depth 1 --branch $OBFS_VERSION /obfs +WORKDIR /obfs +RUN apk add --update --no-cache git && \ + git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird.git --depth 1 --branch "${OBFS_VERSION}" /obfs # Build obfs RUN mkdir /out -WORKDIR /obfs + ARG TARGETOS TARGETARCH RUN --mount=type=cache,target=/root/.cache/go-build \ --mount=type=cache,target=/go/pkg \ CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /out/obfs4proxy ./obfs4proxy # Tor runner -FROM --platform=$TARGETPLATFORM docker.io/library/alpine:$ALPINE_VERSION as runner +FROM --platform=$TARGETPLATFORM 
docker.io/library/alpine:${ALPINE_VERSION} as runner LABEL \ org.opencontainers.image.source "https://github.com/bugfest/tor-docker" WORKDIR /app +ENV HOME=/app RUN apk add --update --no-cache \ - libevent \ - xz-libs \ - zstd-libs \ - && chmod -R g+w /app /run + libevent \ + xz-libs \ + zstd-libs && \ + chmod -R g+w /app /run # install tor RUN mkdir -p /usr/local/bin /usr/local/etc/tor /usr/local/share/tor @@ -68,10 +70,10 @@ COPY --from=tor-builder /tor/src/config/geoip6 /usr/local/share/tor/. # install transports COPY --from=obfs-builder /out/obfs4proxy /usr/local/bin/. -# create service dir -RUN mkdir -p /run/tor/service && \ - chmod -R g+w /run - +# change to non root USER 1001 +# create service dir +VOLUME /run/tor/service + ENTRYPOINT ["/usr/local/bin/tor"] diff --git a/Dockerfile.obfs4 b/Dockerfile.obfs4 index 5afa726..c78df6c 100644 --- a/Dockerfile.obfs4 +++ b/Dockerfile.obfs4 
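Review bot: The combined `RUN git clone ... --branch tor-"${TOR_VERSION}" /tor && ./autogen.sh` builds whatever the tag points to at build time, with no check that the source is the release that was reviewed. Tags can be moved, and the resulting binary is what this image ships. Record the expected commit next to the version, e.g. `ARG TOR_COMMIT=<expected-commit-sha>`, and fail the build on mismatch with `test "$(git -C /tor rev-parse HEAD)" = "${TOR_COMMIT}"` before `./autogen.sh`. Verifying the signed tag with `git verify-tag` is an alternative if the release key is imported in the builder. The lyrebird clones in the `obfs-builder` stage here, in `Dockerfile.obfs4` and in `Dockerfile.quick` have the same gap.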
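Review bot: Replacing `RUN mkdir -p /run/tor/service && chmod -R g+w /run` with `VOLUME /run/tor/service` after `USER 1001` leaves no directory in the image for the volume to inherit ownership and mode from. Docker will then most likely create the mount point as root with default permissions. The non-root tor process may be unable to write its service data there unless the orchestrator adjusts permissions (fsGroup or similar). Keep the directory creation before the user switch, `RUN mkdir -p /run/tor/service && chmod -R g+w /run`, and declare `VOLUME /run/tor/service` afterwards. The `runner` stage of `Dockerfile.quick` adds the same `VOLUME` line without creating the directory.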
@@ -1,27 +1,21 @@ -ARG TARGETOS TARGETARCH - -# Clone the obfs4 repo -FROM --platform=$BUILDPLATFORM golang:1.17-alpine as git +# Build the obfs4 binary (cross-compiling) +FROM --platform=$BUILDPLATFORM golang:1.20-alpine as obfs-builder ARG OBFS_VERSION="obfs4proxy-0.0.14-tor2" -RUN apk add git -RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs4.git --depth 1 --branch $OBFS_VERSION /obfs +RUN apk add --update --no-cache git && \ + git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird.git --depth 1 --branch "${OBFS_VERSION}" /obfs -# Build the obfs4 binary -FROM --platform=$BUILDPLATFORM golang:1.17-alpine as builder -RUN echo 'nobody:x:65534:65534:Nobody:/:' > /tmp/passwd - -# Build +# Build obfs RUN mkdir /out WORKDIR /obfs -RUN --mount=target=. \ - --mount=type=cache,target=/root/.cache/go-build \ +ARG TARGETOS TARGETARCH +RUN --mount=type=cache,target=/root/.cache/go-build \ --mount=type=cache,target=/go/pkg \ - --mount=type=bind,from=git,source=/obfs,target=/obfs \ - CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -ldflags="-s -w" -o /out/obfs4proxy ./obfs4proxy + CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /out/obfs4proxy ./obfs4proxy && \ + echo 'user:x:1001:1001:user:/:' > /tmp/passwd FROM scratch -USER nobody -COPY --from=builder /tmp/passwd /etc/passwd -COPY --from=builder /out/obfs4proxy / +USER 1001 +COPY --from=obfs-builder /tmp/passwd /etc/passwd +COPY --from=obfs-builder /out/obfs4proxy / ENTRYPOINT ["/obfs4proxy"] diff --git a/Dockerfile.quick b/Dockerfile.quick index 8c42137..7158708 100644 --- a/Dockerfile.quick +++ b/Dockerfile.quick 
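Review bot: The rewritten build line drops `-ldflags="-s -w"`, so the binary copied into the `scratch` image now carries its symbol table and DWARF data, and nothing visible in the hunk says this is intended. If it was only lost while aligning with the other Dockerfiles, restore it: `go build -ldflags="-s -w" -o /out/obfs4proxy ./obfs4proxy`. Writing `/tmp/passwd` in the same `RUN` as the cache-mounted build also ties an unrelated file to the compile layer. A separate `RUN echo 'user:x:1001:1001:user:/:' > /tmp/passwd` reads more clearly.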
@@ -4,8 +4,8 @@ ARG ALPINE_VERSION="3.18.4" FROM --platform=$BUILDPLATFORM golang:1.20-alpine as obfs-builder ARG OBFS_VERSION="obfs4proxy-0.0.14-tor2" -RUN apk add --update --no-cache git -RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs4.git --depth 1 --branch $OBFS_VERSION /obfs +RUN apk add --update --no-cache git && \ + git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird.git --depth 1 --branch "${OBFS_VERSION}" /obfs # Build obfs RUN mkdir /out @@ -16,21 +16,29 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /out/obfs4proxy ./obfs4proxy # Tor runner -FROM --platform=$TARGETPLATFORM docker.io/library/alpine:$ALPINE_VERSION as runner -ARG TOR_VERSION="0.4.8.7" +FROM --platform=$TARGETPLATFORM docker.io/library/alpine:${ALPINE_VERSION} as runner LABEL \ org.opencontainers.image.source "https://github.com/bugfest/tor-docker" WORKDIR /app +ENV HOME=/app +ARG TOR_VERSION="0.4.8.8" RUN apk add --update --no-cache \ - tor=~${TOR_VERSION} && \ + tor=~"${TOR_VERSION}" && \ chmod -R g+w /app /run +# fix hard coded path for controller +RUN ln -s /usr/bin/tor /usr/local/bin/tor + # install transports COPY --from=obfs-builder /out/obfs4proxy /usr/local/bin/. +# change to non root USER 1001 -ENTRYPOINT ["tor"] +# create service dir +VOLUME /run/tor/service + +ENTRYPOINT ["/usr/local/bin/tor"] diff --git a/Makefile b/Makefile index 59bb6f5..c4bd7f9 100644 --- a/Makefile +++ b/Makefile @@ -6,8 +6,8 @@ all: build quick: docker buildx build \ --platform=linux/amd64,linux/arm,linux/arm64 \ - --build-arg TOR_VERSION=0.4.8.7 \ - --tag quay.io/bugfest/tor:0.4.8.7 \ + --build-arg TOR_VERSION=0.4.8.8 \ + --tag quay.io/bugfest/tor:0.4.8.8 \ --tag quay.io/bugfest/tor:latest \ --squash \ -f Dockerfile.quick \ 
@@ -18,8 +18,8 @@ quick: build: docker buildx build \ --platform=linux/amd64,linux/arm,linux/arm64 \ - --build-arg TOR_VERSION=0.4.8.7 \ - --tag quay.io/bugfest/tor:0.4.8.7 \ + --build-arg TOR_VERSION=0.4.8.8 \ + --tag quay.io/bugfest/tor:0.4.8.8 \ --tag quay.io/bugfest/tor:latest \ --squash \ -f Dockerfile \ diff --git a/README.md b/README.md index bc9e7fd..36954dc 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ -

tor-docker

- +# tor-docker [![Build multiarch image - latest](https://github.com/bugfest/tor-docker/actions/workflows/main.yml/badge.svg)](https://github.com/bugfest/tor-docker/actions/workflows/main.yml) [![Build multiarch image - tag](https://github.com/bugfest/tor-docker/actions/workflows/main-tag.yml/badge.svg)](https://github.com/bugfest/tor-docker/actions/workflows/main-tag.yml) -`Tor` daemon (https://www.torproject.org/download/tor/) multiarch container. +`Tor` daemon multiarch container. Additional transport plugins included in the image: + - `obfs4proxy` Tested architectures: @@ -16,18 +16,24 @@ Tested architectures: - `arm64` Source code: + - https://gitlab.torproject.org/tpo/core/tor -- https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs4 +- https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird + +Downloads: + +- https://www.torproject.org/download/tor Used by: + - [bugfest/tor-controller](https://github.com/bugfest/tor-controller) -# Tor +## Tor Tor is an anonymity network that provides: - privacy -- enhanced tamperproofing +- enhanced tamper proofing - freedom from network surveillance - NAT traversal @@ -51,7 +57,7 @@ WARNING: some Tor features might be missing, depending on the [Alpine community make quick ``` -# Usage +## Usage ```shell docker pull quay.io/bugfest/tor