diff --git a/README.md b/README.md
index fe3353025a043fdadb500130c9c31a97a0d542de..02a0c0c627dda1cb670c01f49414dc4563715dec 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ proxy one domain to a single upstream address.
 
 Use environment variables to control the proxy behavior.
 
-* `PORT` (default 443) - Port that the proxy will listen on.
-* `DOMAIN` - Domain to proxy.
-* `BACKEND_ADDR` - Address (in host:port syntax) of the upstream.
+* `PROXY_PORT` (default 443) - Port that the proxy will listen on.
+* `PROXY_DOMAIN` - Domain to proxy.
+* `PROXY_BACKEND_ADDR` - Address (in host:port syntax) of the upstream.
 
diff --git a/start.sh b/start.sh
index aac2c9241108532fde1409ce4ad8f4b1f95e0b4b..8111c5ac75ab19e540cc926893ab600f16093478 100755
--- a/start.sh
+++ b/start.sh
@@ -8,8 +8,8 @@ config_dir=$(mktemp -d)
 echo "generating self-signed certificate..."
 openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 \
     -nodes -keyout ${config_dir}/ssl.key -out ${config_dir}/ssl.crt \
-    -subj "/CN=${DOMAIN}" \
-    -addext "subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN}"
+    -subj "/CN=${PROXY_DOMAIN}" \
+    -addext "subjectAltName=DNS:${PROXY_DOMAIN},DNS:*.${PROXY_DOMAIN}"
 
 cat >${config_dir}/nginx.conf <<EOF
 include /etc/nginx/modules-enabled/*.conf;
@@ -30,12 +30,12 @@ http {
 	include /etc/nginx/conf.d/*.conf;
 
 	upstream target {
-		server ${BACKEND_ADDR};
+		server ${PROXY_BACKEND_ADDR};
 	}
 
 	server {
-		listen [::]:${PORT:-443} http2 ssl;
-		server_name *.${DOMAIN} ${DOMAIN};
+		listen [::]:${PROXY_PORT:-443} http2 ssl;
+		server_name *.${PROXY_DOMAIN} ${PROXY_DOMAIN};
 		ssl_certificate ${config_dir}/ssl.crt;
 		ssl_certificate_key ${config_dir}/ssl.key;
 		location / {