diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..5cf94f3
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+node_modules
+.svelte-kit
+build
+data
+.env
+.env.*
+!.env.example
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..87d7491
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,49 @@
+FROM node:22-alpine AS builder
+
+WORKDIR /app
+# Copy npm package files
+COPY package.json package-lock.json* ./
+# Install all dependencies (including dev)
+RUN npm ci
+
+# Copy the rest of the project
+COPY . .
+# Build the SvelteKit app
+RUN npm run build
+# Remove devDependencies to keep the image small
+RUN npm prune --omit=dev
+
+# Runner Image
+FROM node:22-alpine AS runner
+WORKDIR /app
+
+# Install necessary tools
+RUN apk add --no-cache curl tar ca-certificates tzdata
+
+# Install step-cli
+# We download the latest version for linux amd64
+RUN curl -LO https://github.com/smallstep/cli/releases/download/v0.28.2/step_linux_0.28.2_amd64.tar.gz \
+    && tar -zxvf step_linux_0.28.2_amd64.tar.gz \
+    && mv step_0.28.2/bin/step /usr/bin/step \
+    && rm -rf step_linux_0.28.2_amd64.tar.gz step_0.28.2
+
+# Copy built node app and production node_modules from builder
+COPY --from=builder /app/build ./build
+COPY --from=builder /app/node_modules ./node_modules
+COPY package.json ./
+
+# Create data directory
+RUN mkdir -p /app/data/certs && chown -R node:node /app/data
+
+# Use a non-root user
+USER node
+
+# Expose default HTTP port
+EXPOSE 3000
+
+ENV NODE_ENV=production
+ENV STEP_BIN=/usr/bin/step
+ENV STEP_OUTPUT_DIR=/app/data/certs
+
+# By default, SvelteKit Node adapter listens on PORT 3000
+CMD ["node", "build/index.js"]