diff --git a/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh b/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh index 92d1f1c531..70265cf649 100755 --- a/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh +++ b/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh @@ -1,4 +1,4 @@ -#/bin/sh! +#!/bin/bash set -e echo "${WOPISECRET}" > /etc/wopi/wopisecret @@ -11,6 +11,11 @@ sed -i 's/ocis.owncloud.test/'${OCIS_DOMAIN}'/g' /etc/wopi/wopiserver.conf sed -i 's/collabora.owncloud.test/'${COLLABORA_DOMAIN}'/g' /etc/wopi/wopiserver.conf sed -i 's/wopiserver.owncloud.test/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf + +if [ "$WOPISERVER_INSECURE" == "true" ]; then + sed -i 's/sslverify\s=\sTrue/sslverify = False/g' /etc/wopi/wopiserver.conf +fi + touch /var/log/wopi/wopiserver.log /app/wopiserver.py & diff --git a/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist b/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist index 97a6b34c64..4a2a45576f 100644 --- a/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist +++ b/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist 
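Review bot: Switching the shebang to `#!/bin/bash` (and the entrypoint to `/bin/bash` in the docker-compose.yml hunk) makes the example depend on bash being present in the wopiserver image, which is not visible from this diff. In the lines shown, the only non-POSIX construct is `==` inside `[ ]` in the next hunk; `if [ "$WOPISERVER_INSECURE" = "true" ]; then` under `#!/bin/sh` would run in any POSIX shell. The rest of the script lies outside the hunks, so it should be checked for other bash-only syntax before choosing.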
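Review bot: The substitution in the new `if` block matches every `sslverify = True` line in wopiserver.conf, so `WOPISERVER_INSECURE=true` turns off certificate verification for both `[bridge]` (connected apps) and `[cs3]` (Reva) at once, and nothing in the container output records that it happened. I would print a line before the `sed`, for example `echo "WARNING: WOPISERVER_INSECURE=true - TLS certificate verification disabled in [bridge] and [cs3]" >&2`, so an operator can see the downgrade. The pattern also accepts only one whitespace character on each side of `=` and a capitalised `True`; any other spelling in the config leaves verification on, which fails safe but gives no feedback that the switch had no effect.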
@@ -1,27 +1,23 @@ # +# This config is based on https://github.com/cs3org/wopiserver/blob/master/wopiserver.conf +# # wopiserver.conf # -# Default configuration file for the WOPI server for CERNBox +# Default configuration file for the WOPI server for oCIS # ############################################################## [general] # Storage access layer to be loaded in order to operate this WOPI server -# Supported values: local, xroot, cs3. +# only "cs3" is supported with oCIS storagetype = cs3 # Port where to listen for WOPI requests port = 8880 -# URL of your Microsoft Office Online service -#oosurl = https://officeonline.owncloud.test - -# URL of your Collabora Online service -#codeurl = https://collabora.owncloud.test - -# URL of your CodiMD service -codimdurl = https://codimd.owncloud.test -codimdinturl = http://codimd:3000 +# Logging level. Debug enables the Flask debug mode as well. +# Valid values are: Debug, Info, Warning, Error. +loglevel = Error # URL of your WOPI server or your HA proxy in front of it wopiurl = https://wopiserver.owncloud.test 
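Review bot: `loglevel = Error` lowers the example from the previous `Info`, so anything the server reports at Info or Warning level is presumably no longer written to its log. For a service that issues access tokens and manages locks, warning-level entries are often what an operator needs to trace rejected or failing requests. Consider `loglevel = Warning`, or keep `Error` and add a comment line such as `# Error keeps the example quiet; use Info or Warning when requests need to be traced`.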
@@ -30,15 +26,15 @@ wopiurl = https://wopiserver.owncloud.test # to clients will include the access_token argument downloadurl = https://wopiserver.owncloud.test/wopi/cbox/download -# Optional URL prefix for WebDAV access to the files. This enables the -# 'Edit in Desktop client' action on Windows-based clients -webdavurl = https://ocis.owncloud.test/webdav +# The internal server engine to use (defaults to flask). +# Set to waitress for production installations. +internalserver = waitress # List of file extensions deemed incompatible with LibreOffice: # interoperable locking will be disabled for such files nonofficetypes = .md .zmd .txt .epd -# List of file extensions to be supported by Collabora +# List of file extensions to be supported by Collabora (deprecated) codeofficetypes = .odt .ott .ods .ots .odp .otp .odg .otg .doc .dot .xls .xlt .xlm .ppt .pot .pps .vsd .dxf .wmf .cdr .pages .number .key # WOPI access token expiration time [seconds] @@ -51,11 +47,12 @@ wopilockexpiration = 3600 # that is their representation must match. False (default) allows for a more relaxed # comparison, which compensates incorrect lock requests from Microsoft Office Online # on-premise setups. -#wopilockstrictcheck = False +wopilockstrictcheck = False # Enable support of rename operations from WOPI apps. This is currently # disabled by default as it has been observed that both MS Office and Collabora # Online do not play well with this feature. +# Not supported with oCIS, must always be set to "False" enablerename = False # Detection of external Microsoft Office or LibreOffice locks. By default, lock files 
@@ -63,6 +60,7 @@ enablerename = False # underlying storage can be mounted as a remote filesystem: in this case, WOPI GetLock # and SetLock operations return such locks and prevent online apps from entering edit mode. # This feature can be disabled in order to operate a pure WOPI server for online apps. +# Not supported with oCIS, must always be set to "False" detectexternallocks = False # Location of the webconflict files. By default, such files are stored in the same path @@ -75,13 +73,9 @@ detectexternallocks = False #conflictpath = / # ownCloud's WOPI proxy configuration. Disabled by default. -#wopiproxy = https://external-wopi-proxy.org -#wopiproxykey = key_for_proxy_jwt_encoding -#proxiedappname = name_of_your_proxied_app - -# Logging level. Debug enables the Flask debug mode as well. -# Valid values are: Debug, Info, Warning, Error. -loglevel = Info +#wopiproxy = https://external-wopi-proxy.com +#wopiproxysecretfile = /path/to/your/shared-key-file +#proxiedappname = Name of your proxied app [security] # Location of the secret files. Requires a restart of the @@ -100,7 +94,7 @@ wopikey = /etc/grid-security/host.key [bridge] # SSL certificate check for the connected apps -sslverify = False +sslverify = True # Minimal time interval between two consecutive save operations [seconds] #saveinterval = 200 
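Review bot: The `sslverify = True` line under `[bridge]` is now rewritten by entrypoint-override.sh when `WOPISERVER_INSECURE` is `true`, but nothing in the config file says so. A comment above the key, such as `# Rewritten to False by entrypoint-override.sh when WOPISERVER_INSECURE=true; keep this exact spelling`, would warn anyone who reformats the line that the override matches it textually. The same applies to `sslverify = True` under `[cs3]` in the last hunk of this file, where the removed note about the self-signed certificate was the only explanation of when verification has to be relaxed.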
@@ -108,39 +102,25 @@ sslverify = False # Minimal time interval before a closed file is WOPI-unlocked [seconds] #unlockinterval = 90 +# CodiMD: disable creating zipped bundles when files contain pictures +#disablezip = False [io] # Size used for buffered reads [bytes] chunksize = 4194304 - -[xroot] -# URL of the default remote xroot storage server. This can be overridden -# if the end-point is passed on the /wopi/cbox/open call -#storageserver = root://your-xrootd-server.org - -# Optional EOS top-level path that will be prepended to all user paths. Useful -# to map the CERNBox-exposed files in a subfolder of the EOS storage. By default, -# this is not used and storagehomepath is empty. -#storagehomepath = /your/top/storage/path - - -[local] -# Location of the folder or mount point used as local storage -#storagehomepath = /mnt/your_local_storage - +# Path to a recovery space in case of I/O errors when reaching to the remote storage. +# This is expected to be a local path, and it is provided in order to ease user support. +# Defaults to the indicated spool folder. +#recoverypath = /var/spool/wopirecovery [cs3] # Host and port of the Reva(-like) CS3-compliant GRPC gateway endpoint revagateway = ocis:9142 -# HTTP (WebDAV) endpoint for uploading files -#datagateway = https://your-reva-server.org:port/data - # Reva/gRPC authentication token expiration time [seconds] # The default value matches Reva's default authtokenvalidity = 3600 # SSL certificate check for Reva -# oCIS uses self signed certificate in this example -sslverify = false +sslverify = True diff --git a/deployments/examples/ocis_wopi/docker-compose.yml b/deployments/examples/ocis_wopi/docker-compose.yml index f1d02902fb..c841d517ae 100644 --- a/deployments/examples/ocis_wopi/docker-compose.yml +++ b/deployments/examples/ocis_wopi/docker-compose.yml 
@@ -173,9 +173,10 @@ services: networks: ocis-net: entrypoint: - - /bin/sh + - /bin/bash - /entrypoint-override.sh environment: + WOPISERVER_INSECURE: "${INSECURE:-false}" WOPISECRET: ${WOPI_JWT_SECRET:-LoremIpsum567} IOPSECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} CODIMDSECRET: ${CODIMD_SECRET:-LoremIpsum456}