diff --git a/README.md b/README.md
index f35c8cb..20f18da 100644
--- a/README.md
+++ b/README.md
@@ -76,13 +76,13 @@ docker-compose up -d
 
 ## Configuration
 
-The server can be configured by creating a JSON configuration file at `~/.config/simple_object_storage/config.json`. Here's an example configuration:
+The server can be configured by creating a JSON configuration file at `~/.config/simple_object_storage/config.json`. Default values are shown below (everything but write tokens), suitable for running in Docker.
 
 ```json
 {
-    "host": "localhost",
-    "port": 8080,
-    "storage_path": "/path/to/storage",
+    "host": "0.0.0.0",
+    "port": 80,
+    "storage_path": "/data/storage",
     "write_tokens": ["your-secret-token"],
     "cors": {
         "allowed_origins": ["*"],
@@ -92,7 +92,7 @@ The server can be configured by creating a JSON configuration file at `~/.config
     },
    "rate_limiting": {
         "auth_rate_limit": 5,        // Maximum number of auth attempts
-        "auth_window_seconds": 10    // Time window in seconds (10 seconds)
+        "auth_window_seconds": 300   // Time window in seconds (5 minutes)
     }
 }
 ```
diff --git a/src/config.cpp b/src/config.cpp
index 7aacf47..8240621 100644
--- a/src/config.cpp
+++ b/src/config.cpp
@@ -17,10 +17,7 @@ bool load_config(const std::string& config_path, ServerConfig& config) {
         nlohmann::json j;
         file >> j;
 
-        config.host = "0.0.0.0";
-        config.port = 8123;
-        config.object_store_path = "/data/storage";
-        config.write_tokens = {};
+        config = ServerConfig(); // set defaults.
 
         // Parse write tokens
         if (j.contains("write_tokens")) {
diff --git a/src/config.hpp b/src/config.hpp
index 4a2d36f..facc65c 100644
--- a/src/config.hpp
+++ b/src/config.hpp
@@ -9,17 +9,19 @@ namespace simple_object_storage {
 
 struct ServerConfig {
     std::vector<std::string> write_tokens;
-    std::filesystem::path object_store_path;
+    std::filesystem::path object_store_path = "/data/storage";
     std::string host = "0.0.0.0";
-    uint16_t port = 0;
+    uint16_t port = 80;
+
     // CORS configuration
     std::vector<std::string> allowed_origins = {"*"};  // Default to allow all origins
     std::vector<std::string> allowed_methods = {"GET", "PUT", "POST", "DELETE", "OPTIONS"};
     std::vector<std::string> allowed_headers = {"Authorization", "Content-Type"};
     bool allow_credentials = false;
+    
     // Rate limiting configuration
     int auth_rate_limit = 5;  // Maximum number of auth attempts
-    int auth_window_seconds = 10;  // Time window in seconds (10 seconds)
+    int auth_window_seconds = 300;  // Time window in seconds (5 minutes)
 };
 
 bool load_config(const std::string& config_path, ServerConfig& config);