diff --git a/ansible/ansible.yml b/ansible/ansible.yml
index a607f14..8d95054 100644
--- a/ansible/ansible.yml
+++ b/ansible/ansible.yml
@@ -1,5 +1,6 @@
 ---
 - hosts: all
+  become: yes
 
   # Install python if required
   # https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/
@@ -37,14 +38,16 @@
   - name: build the dev docker image
     local_action: shell cd .. && sudo docker build . -f docker/Dockerfile -t joinpeertube:latest
     register: image_build
+    become: no
 
   - name: find hash of the new docker image
     set_fact:
-    image_hash: "{{ image_build.stdout | regex_search('(?<=Successfully built )[0-9a-f]{12}') }}"
+      image_hash: "{{ image_build.stdout | regex_search('(?<=Successfully built )[0-9a-f]{12}') }}"
 
   # this does not use become so that the output file is written as non-root user and is easy to delete later
   - name: save dev docker image to file
     local_action: shell sudo docker save joinpeertube:latest > joinpeertube-latest.tar
+    become: no
 
   - name: copy dev docker image to server
     copy: src=joinpeertube-latest.tar dest=/joinpeertube/joinpeertube-latest.tar
@@ -56,13 +59,13 @@
       load_path: /joinpeertube/joinpeertube-latest.tar
       source: load
       force_source: yes
-      register: image_import
 
   - name: delete remote image file
     file: path=/joinpeertube/joinpeertube-latest.tar state=absent
 
   - name: delete local image file
-    local_action: file path=joinpeertube-latest.tar state=absent
+    local_action: shell sudo rm joinpeertube-latest.tar
+    become: no
 
   - name: enable and start docker service
     systemd:
@@ -74,7 +77,6 @@
     docker_compose:
       project_src: /joinpeertube/
       state: present
-      pull: yes
 
   - name: reload nginx with new config
     shell: nginx -s reload
diff --git a/ansible/templates/nginx.conf b/ansible/templates/nginx.conf
index 3c91042..6083d8b 100644
--- a/ansible/templates/nginx.conf
+++ b/ansible/templates/nginx.conf
@@ -22,7 +22,6 @@ server {
     ssl_prefer_server_ciphers on;
     ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
     ssl_session_timeout  10m;
-    ssl_session_cache shared:SSL:10m;
     ssl_session_tickets off;
     ssl_stapling on;
     ssl_stapling_verify on;