diff --git a/docker-compose.elk.yml.dist b/docker-compose.elk.yml.dist index 95f3aa2f..2621b577 100644 --- a/docker-compose.elk.yml.dist +++ b/docker-compose.elk.yml.dist @@ -38,12 +38,17 @@ services: command: ["filebeat", "-e", "--strict.perms=false"] restart: always elk: - build: elk + build: + context: elk + args: + - MAXMIND_LICENSE ports: - "5601:5601" - "9200:9200" - "5044:5044" - "5000:5000" + env_file: + - elk/.env restart: always volumes: diff --git a/elk/.env.dist b/elk/.env.dist new file mode 100644 index 00000000..43a62e16 --- /dev/null +++ b/elk/.env.dist @@ -0,0 +1 @@ +MAXMIND_LICENSE= diff --git a/elk/Dockerfile b/elk/Dockerfile index de97d26f..98a35316 100644 --- a/elk/Dockerfile +++ b/elk/Dockerfile @@ -1,4 +1,4 @@ -FROM sebp/elk:720 +FROM sebp/elk:761 RUN mkdir /etc/logstash/patterns.d #postfix grok and filter 
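Review bot: In docker-compose.elk.yml.dist, the added `env_file: - elk/.env` on the `elk` service loads MAXMIND_LICENSE into the running container's environment, although the key is only needed at build time. It then stays readable through `docker inspect` and by every process in the container. `env_file` also does not supply the valueless build arg `- MAXMIND_LICENSE`, which Compose resolves from the invoking shell or the project-level `.env`. When this file is run from the repository root, the arg is therefore probably empty unless the variable is exported, which is worth confirming. I would drop the `env_file` entry here and in the new elk/docker-compose.yml.dist, and add a comment above `args:` such as `# MAXMIND_LICENSE must be exported in the shell (or set in the project .env) before building`.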
@@ -10,15 +10,18 @@ COPY 16-amavis.conf /etc/logstash/conf.d # dovecot grok and filter RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/patterns.d/dovecot.grok > /etc/logstash/patterns.d/dovecot.grok RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/exmples/50-filter-dovecot.conf > /etc/logstash/conf.d/17-filter-dovecot.conf -# FIXME: may be a cron job? +# FIXME: may be a cron job? SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +ARG MAXMIND_LICENSE RUN mkdir -p /usr/share/GeoIP && \ - curl -L http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz | gunzip -c - > /usr/share/GeoIP/GeoLiteCity.dat +curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${MAXMIND_LICENSE}&suffix=tar.gz" \ +| tar zx --to-stdout --wildcards --no-anchored '*.mmdb' > /usr/share/GeoIP/GeoLiteCity.dat WORKDIR ${LOGSTASH_HOME} RUN gosu logstash bin/logstash-plugin install --local --no-verify logstash-filter-geoip -# override beats input +# override beats input COPY 02-beats-input.conf /etc/logstash/conf.d/ # override syslog COPY 10-syslog.conf /etc/logstash/conf.d/ diff --git a/elk/docker-compose.yml.dist b/elk/docker-compose.yml.dist new file mode 100644 index 00000000..1bdfbb25 --- /dev/null +++ b/elk/docker-compose.yml.dist @@ -0,0 +1,16 @@ +version: '2' + +services: + elk: + build: + context: . + args: + - MAXMIND_LICENSE + ports: + - "5601:5601" + - "9200:9200" + - "5044:5044" + - "5000:5000" + env_file: + - .env + restart: always
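Review bot: In elk/Dockerfile, `ARG MAXMIND_LICENSE` is expanded into the `curl` URL of the following `RUN`, so the licence key is recorded in the image's build metadata and can be read with `docker history` by anyone who obtains the image. A BuildKit secret mount avoids this where the build tooling supports it: `RUN --mount=type=secret,id=maxmind_license ...`, with the key read from `/run/secrets/maxmind_license` inside the command (the id is an example name). The `curl -L` call also lacks `--fail`, so the HTTP error body returned for an empty or rejected key is piped into `tar`; `curl -fsSL` would stop the step at the real cause. The downloaded archive is extracted without being compared against a published checksum.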
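Review bot: In the new elk/docker-compose.yml.dist, the `ports` entries give no host address, so 5601 and 9200 (presumably Kibana and Elasticsearch) and the inputs on 5044 and 5000 are published on every host interface. Unless authentication is configured somewhere not visible in this diff, the log store and its dashboard are then reachable from any network the host is attached to. Binding the admin-facing ports to loopback, e.g. `- "127.0.0.1:5601:5601"` and `- "127.0.0.1:9200:9200"`, and publishing only the ingest port that remote shippers need would narrow the exposure. A comment above `ports:` such as `# only 5044 needs to be reachable by remote Filebeat hosts` would help operators who copy this .dist file unchanged.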