Limited user.

Use capabilities to bind to lower number port. Also, remove the expose
directive, it's already in the original image.