diff --git a/Dockerfile.jupyterhub b/Dockerfile.jupyterhub
index 16d9bf0..bd5abca 100644
--- a/Dockerfile.jupyterhub
+++ b/Dockerfile.jupyterhub
@@ -8,6 +8,11 @@ RUN /opt/conda/bin/pip install \
     oauthenticator==0.4.* \
     dockerspawner==0.4.*
 
+# install docker on the jupyterhub container
+RUN wget https://get.docker.com -q -O /tmp/getdocker && \
+    chmod +x /tmp/getdocker && \
+    sh /tmp/getdocker
+
 # Copy TLS certificate and key
 ENV SSL_CERT /srv/jupyterhub/secrets/jupyterhub.crt
 ENV SSL_KEY /srv/jupyterhub/secrets/jupyterhub.key
diff --git a/Makefile b/Makefile
index ecebe20..de1c7d9 100644
--- a/Makefile
+++ b/Makefile
@@ -12,12 +12,16 @@ self-signed-cert:
 	# make a self-signed cert
 
 secrets/jupyterhub.crt:
-	@echo "Need an SSL certificate in secrets/jupyterhub.crt"
-	@exit 1
+	@if [ "${SECRETS_VOLUME}" = "" ]; then \
+		echo "Need an SSL certificate in secrets/jupyterhub.crt"; \
+		exit 1; \
+	fi
 
 secrets/jupyterhub.key:
-	@echo "Need an SSL key in secrets/jupyterhub.key"
-	@exit 1
+	@if [ "${SECRETS_VOLUME}" = "" ]; then \
+		echo "Need an SSL key in secrets/jupyterhub.key"; \
+		exit 1; \
+	fi
 
 userlist:
 	@echo "Add usernames, one per line, to ./userlist, such as:"
@@ -26,7 +30,6 @@ userlist:
 	@exit 1
 
 check-files: secrets/jupyterhub.crt secrets/jupyterhub.key userlist
-	# fail in an informative way if files don't exist
 
 pull:
 	docker pull $(DOCKER_NOTEBOOK_IMAGE)
diff --git a/docker-compose.yml b/docker-compose.yml
index d149f79..8943af3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,9 +12,6 @@ services:
     image: jupyterhub
     container_name: jupyterhub
     volumes:
-      # Bind Docker binary from host machine so we can invoke Docker commands
-      # from inside container
-      - "/usr/local/bin/docker:/usr/local/bin/docker:ro"
       # Bind Docker socket on the host so we can connect to the daemon from
       # within the container
       - "/var/run/docker.sock:/var/run/docker.sock:rw"