diff --git a/environment_docker/README.md b/environment_docker/README.md
index d0d8edd..159bea1 100644
--- a/environment_docker/README.md
+++ b/environment_docker/README.md
@@ -24,7 +24,10 @@ Name: webarena-with-configurable-map-backend
 ID: ami-08a862bf98e3bd7aa
 ```
 
-1. Create a security group that allows all inbound traffic.
+1. Create a security group that allows all inbound traffic, or at minimum, create a security group with the following inbound rules:
+   - SSH (port 22) from your IP
+   - HTTP (port 80) from anywhere (0.0.0.0/0)
+   - Custom TCP ports: 3000, 7770, 7780, 8023, 8888, 9999 from anywhere (0.0.0.0/0)
 
 2. Create an instance (recommended type: t3a.xlarge, 1000GB EBS root volume) from the webarena AMI. Use the security group just created and remember to select SSH key-pair.
 
@@ -49,6 +52,16 @@ docker compose start
 
 :clock1: wait ~1 min to wait all services to start
 
+**If services are not accessible externally**, run these iptables rules:
+```bash
+sudo iptables -t nat -A PREROUTING -p tcp --dport 7770 -j REDIRECT --to-port 7770
+sudo iptables -t nat -A PREROUTING -p tcp --dport 7780 -j REDIRECT --to-port 7780
+sudo iptables -t nat -A PREROUTING -p tcp --dport 3000 -j REDIRECT --to-port 3000
+sudo iptables -t nat -A PREROUTING -p tcp --dport 8888 -j REDIRECT --to-port 8888
+sudo iptables -t nat -A PREROUTING -p tcp --dport 9999 -j REDIRECT --to-port 9999
+sudo iptables -t nat -A PREROUTING -p tcp --dport 8023 -j REDIRECT --to-port 8023
+```
+
 6. Run
 ```bash
 docker exec shopping /var/www/magento2/bin/magento setup:store-config:set --base-url="http://<your-server-hostname>:7770" # no trailing /
@@ -66,6 +79,25 @@ docker exec gitlab sed -i "s|^external_url.*|external_url 'http://<your-server-h
 docker exec gitlab gitlab-ctl reconfigure
 ```
 
+**If GitLab shows 502 errors**, run:
+```bash
+docker exec gitlab rm -f /var/opt/gitlab/postgresql/data/postmaster.pid
+docker exec gitlab /opt/gitlab/embedded/bin/pg_resetwal -f /var/opt/gitlab/postgresql/data
+docker exec gitlab gitlab-ctl restart
+```
+
+**Test all services** (should return HTTP 200):
+```bash
+HOSTNAME="<your-server-hostname>"
+curl -s -o /dev/null -w "Shopping (7770): %{http_code}\n" http://$HOSTNAME:7770
+curl -s -o /dev/null -w "Shopping Admin (7780): %{http_code}\n" http://$HOSTNAME:7780
+curl -s -o /dev/null -w "Forum (9999): %{http_code}\n" http://$HOSTNAME:9999
+curl -s -o /dev/null -w "Wikipedia (8888): %{http_code}\n" http://$HOSTNAME:8888
+curl -s -o /dev/null -w "Map (3000): %{http_code}\n" http://$HOSTNAME:3000
+curl -s -o /dev/null -w "GitLab (8023): %{http_code}\n" http://$HOSTNAME:8023
+curl -s -o /dev/null -w "Map tile: %{http_code}\n" http://$HOSTNAME:3000/tile/0/0/0.png
+```
+
 You should be able to access your environment websites now, and stop reading.
 However, if you are unable to use AWS AMI, read below to set up on your own machine.