diff --git a/proxcenter-compose.yml b/proxcenter-compose.yml
index ae223ee..43bc0d3 100644
--- a/proxcenter-compose.yml
+++ b/proxcenter-compose.yml
@@ -70,8 +70,9 @@ services:
       replicas: 1
       placement:
         constraints:
-          # Keep the node-local proxcenter_data volume on the intended primary node.
-          - node.platform.os == linux
+          # Only run on Swarm nodes where the shared Docker NFS mount is present
+          # and verified writable by the required container UID/GID.
+          - node.labels.storage.nfs == true
       restart_policy:
         condition: on-failure
         delay: 5s
@@ -100,7 +101,9 @@ services:
       - POSTGRES_DB=${POSTGRES_DB:-proxcenter}
       - POSTGRES_INITDB_ARGS=--encoding=UTF8 --locale=C
     volumes:
-      - ${DockerData}/proxcenter/postgres_data:/var/lib/postgresql/data
+      # Mount the pre-created pgdata directory directly. This avoids Postgres
+      # needing to create/chmod a child directory on the NFS mount root.
+      - ${DockerData}/proxcenter/postgres_data/pgdata:/var/lib/postgresql/data
     # Port is intentionally not published. Postgres is reachable only
     # over the internal overlay network. Uncomment to expose for debugging:
     # ports:
@@ -131,8 +134,9 @@ services:
         delay: 5s
       placement:
         constraints:
-          # Keep the node-local postgres_data volume on the intended primary node.
-          - node.platform.os == linux
+          # Only run on Swarm nodes where the shared Docker NFS mount is present
+          # and verified writable by the required container UID/GID.
+          - node.labels.storage.nfs == true
 
 # ========================================
 # Networks