diff --git a/README.md b/README.md
index 057d9de..13260ad 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,6 @@ The idea is to provide tt-rss working (and updating) out of the box with minimal
 
 **This compose setup uses prebuilt images from Docker Hub.**
 
-This setup is still WIP. Some features may be unimplemented or broken. Check the following
-before deploying:
-
 - [TODO](https://git.tt-rss.org/fox/ttrss-docker-compose/wiki/TODO)
 - [FAQ](https://git.tt-rss.org/fox/ttrss-docker-compose/wiki#faq)
 
@@ -21,6 +18,7 @@ General outline of the configuration is as follows:
  - Caddy has its http port exposed to the outside
  - optional SSL support via Caddy w/ automatic letsencrypt certificates
  - feed updates are handled via update daemon started in a separate container (updater)
+ - optional backups container which performs tt-rss database backup once a week
 
 ### Installation
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 9f9f747..5fe0ec4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -48,6 +48,23 @@ services:
       - app
     command: /updater.sh
 
+  backups:
+    image: cthulhoo/ttrss-fpm-pgsql-static
+    restart: unless-stopped
+    environment:
+      - DB_TYPE=pgsql
+      - DB_HOST=db
+      - DB_NAME=${POSTGRES_USER}
+      - DB_USER=${POSTGRES_USER}
+      - DB_PASS=${POSTGRES_PASSWORD}
+      - OWNER_UID=${OWNER_UID}
+      - OWNER_GID=${OWNER_GID}
+    volumes:
+      - backups:/backups
+    depends_on:
+      - db
+    command: /dcron.sh -f
+
   web:
     image: cthulhoo/ttrss-web
     restart: unless-stopped
@@ -87,3 +104,4 @@ volumes:
   db:
   app:  
   certs:
+  backups:
diff --git a/src/app/Dockerfile b/src/app/Dockerfile
index 20a1961..589ad8e 100644
--- a/src/app/Dockerfile
+++ b/src/app/Dockerfile
@@ -1,7 +1,7 @@
-FROM alpine:3.9
+FROM alpine:3.12
 EXPOSE 9000/tcp
 
-RUN apk add --no-cache php7 php7-fpm \
+RUN apk add --no-cache dcron php7 php7-fpm \
 	php7-pdo php7-gd php7-pgsql php7-pdo_pgsql php7-mbstring \
 	php7-intl php7-xml php7-curl php7-session \
 	php7-dom php7-fileinfo php7-json \
@@ -12,8 +12,11 @@ ADD startup.sh /
 ADD updater.sh /
 ADD index.php /
 ADD build-prepare.sh /
+ADD dcron.sh /
+ADD backup-database.sh /etc/periodic/weekly/backup-database
 
 RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf
+RUN sed -i.bak 's/\(memory_limit =\) 128M/\1 256M/' /etc/php7/php.ini
 
 RUN sh -c /build-prepare.sh
 
diff --git a/src/app/backup-database.sh b/src/app/backup-database.sh
new file mode 100755
index 0000000..6918e24
--- /dev/null
+++ b/src/app/backup-database.sh
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+
+DST_DIR=/backups
+KEEP_DAYS=28
+
+if pg_isready -h $DB_HOST -U $DB_USER; then
+	DST_FILE=ttrss-backup-$(date +%Y%m%d).sql.gz
+
+	echo backing up tt-rss database to $DST_DIR/$DST_FILE...
+
+	export PGPASSWORD=$DB_PASS 
+
+	pg_dump --clean -h $DB_HOST -U $DB_USER $DB_NAME | gzip > $DST_DIR/$DST_FILE
+
+	echo cleaning up...
+
+	find $DST_DIR -type f -name '*.sql.gz' -mtime +$KEEP_DAYS -delete
+
+	echo done.
+else
+	echo backup failed: database is not ready.
+fi
diff --git a/src/app/dcron.sh b/src/app/dcron.sh
new file mode 100755
index 0000000..b16f15a
--- /dev/null
+++ b/src/app/dcron.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+# https://github.com/dubiousjim/dcron/issues/13
+set -e
+
+/usr/sbin/crond "$@"
diff --git a/src/app/startup.sh b/src/app/startup.sh
index 68a7cae..df8758f 100755
--- a/src/app/startup.sh
+++ b/src/app/startup.sh
@@ -42,7 +42,8 @@ for d in cache lock feed-icons plugins.local themes.local; do
 done
 
 for d in cache lock feed-icons; do
-	chmod -R 777 $DST_DIR/$d
+	chmod 777 $DST_DIR/$d
+	find $DST_DIR/$d -type f -exec chmod 666 {} \;
 done
 
 chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
@@ -83,6 +84,8 @@ else
 		-i.bak $DST_DIR/config.php
 fi
 
+cd $DST_DIR && sudo -u app php ./update.php --update-schema=force-yes
+
 touch $DST_DIR/.app_is_ready
 
 sudo -u app /usr/sbin/php-fpm7 -F
diff --git a/src/docker-compose.yml b/src/docker-compose.yml
index 8f3b70c..f203481 100644
--- a/src/docker-compose.yml
+++ b/src/docker-compose.yml
@@ -57,6 +57,26 @@ services:
       - app
     command: /updater.sh
 
+  backups:
+    image: cthulhoo/ttrss-fpm-pgsql-static:${BUILD_TAG}
+    build:
+      context:
+        ./app
+    restart: unless-stopped
+    environment:
+      - DB_TYPE=pgsql
+      - DB_HOST=db
+      - DB_NAME=${POSTGRES_USER}
+      - DB_USER=${POSTGRES_USER}
+      - DB_PASS=${POSTGRES_PASSWORD}
+      - OWNER_UID=${OWNER_UID}
+      - OWNER_GID=${OWNER_GID}
+    volumes:
+      - backups:/backups
+    depends_on:
+      - db
+    command: /dcron.sh -f
+
   web:
     image: cthulhoo/ttrss-web:latest
     build: ./web
@@ -99,3 +119,4 @@ volumes:
   db:
   app:  
   certs:
+  backups:
diff --git a/src/web-nginx/nginx.conf b/src/web-nginx/nginx.conf
index efe2eea..033f9da 100644
--- a/src/web-nginx/nginx.conf
+++ b/src/web-nginx/nginx.conf
@@ -29,6 +29,10 @@ http {
 			internal;
 		}
 
+		location /tt-rss/backups {
+			internal;
+		}
+
 		location ~ \.php$ {
 			# regex to split $uri to $fastcgi_script_name and $fastcgi_path
 			fastcgi_split_path_info ^(.+?\.php)(/.*)$;
diff --git a/src/web-ssl/Caddyfile b/src/web-ssl/Caddyfile
index 56c2239..076829c 100644
--- a/src/web-ssl/Caddyfile
+++ b/src/web-ssl/Caddyfile
@@ -5,4 +5,5 @@ root /var/www/html
 log stdout
 errors stderr
 internal /tt-rss/cache
-fastcgi / app:9000 php
\ No newline at end of file
+internal /tt-rss/backups
+fastcgi / app:9000 php
diff --git a/src/web/Caddyfile b/src/web/Caddyfile
index e65d2c8..19999ab 100644
--- a/src/web/Caddyfile
+++ b/src/web/Caddyfile
@@ -3,4 +3,5 @@ root /var/www/html
 log stdout
 errors stderr
 internal /tt-rss/cache
-fastcgi / app:9000 php
\ No newline at end of file
+internal /tt-rss/backups
+fastcgi / app:9000 php