diff --git a/Dockerfile b/Dockerfile
index 5333e05..f321771 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,11 @@
-ARG BASE_IMAGE
-FROM ${BASE_IMAGE:-golang:1.22}
-ARG REPO_NAME
-ARG REPO_SHA
+ARG BASE_IMAGE=golang:1.22
+# Ubuntu Nobel Numbat
+ARG BASE_RUNTIME_IMAGE=ubuntu:24.04 
+ARG BASE_UID=1001
+ARG BASE_GID=1001
+FROM ${BASE_IMAGE} AS build-stage
 
-WORKDIR /app
+WORKDIR /build
 
 # Download Go modules
 COPY go.mod ./
@@ -11,11 +13,30 @@ RUN go mod download
 
 COPY *.go ./
 
-RUN CGO_ENABLED=0 GOOS=linux go build -o /fluxfeed
+RUN CGO_ENABLED=0 GOOS=linux go build -o fluxfeed
 
-EXPOSE 8080
+FROM ${BASE_RUNTIME_IMAGE} AS runtime-stage
+
+ARG BASE_UID=1001
+ARG BASE_GID=1001
+
+ENV WORK_DIR=/app
+
+RUN groupadd -g ${BASE_GID} flux
+RUN useradd --create-home flux -u ${BASE_UID} -g ${BASE_GID}
+
+WORKDIR ${WORK_DIR}
+
+COPY --chown=app --from=build-stage /build/fluxfeed ${WORK_DIR}/ 
+
+ARG REPO_NAME
+ARG REPO_SHA
 
 LABEL io.runcible.repo-name="${REPO_NAME}" \
       io.runcible.repo-sha="${REPO_SHA}"
 
-CMD ["/fluxfeed"]
\ No newline at end of file
+EXPOSE 8080
+
+USER flux
+
+CMD ["./fluxfeed"]
\ No newline at end of file