diff --git a/Dockerfile b/Dockerfile
index d3e4193ee..7857f1a8b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,57 +1,79 @@
 FROM node:18-alpine AS base
 
+# Install dependencies only when needed
 FROM base AS deps
-
 RUN apk add --no-cache libc6-compat
-
 WORKDIR /app
 
-COPY package.json yarn.lock ./
+# Copy package files
+COPY package.json yarn.lock* ./
 
-RUN yarn config set registry 'https://registry.npmmirror.com/'
-RUN yarn install
+# Configure yarn and install dependencies
+RUN yarn config set registry 'https://registry.npmmirror.com/' && \
+    yarn install --frozen-lockfile
 
+# Rebuild the source code only when needed
 FROM base AS builder
-
 RUN apk update && apk add --no-cache git
-
-ENV OPENAI_API_KEY=""
-ENV GOOGLE_API_KEY=""
-ENV CODE=""
-
 WORKDIR /app
+
+# Copy node_modules from deps stage
 COPY --from=deps /app/node_modules ./node_modules
 COPY . .
 
+# Set build-time environment variables
+ENV NEXT_TELEMETRY_DISABLED 1
+ENV NODE_ENV production
+
+# Build the application
 RUN yarn build
 
+# Production image, copy all the files and run next
 FROM base AS runner
 WORKDIR /app
 
-RUN apk add proxychains-ng
+# Install proxychains for proxy support
+RUN apk add --no-cache proxychains-ng
 
+# Set runtime environment
+ENV NODE_ENV production
+ENV NEXT_TELEMETRY_DISABLED 1
+
+# Environment variables (will be overridden at runtime)
 ENV PROXY_URL=""
 ENV OPENAI_API_KEY=""
 ENV GOOGLE_API_KEY=""
 ENV CODE=""
 ENV ENABLE_MCP=""
 
-COPY --from=builder /app/public ./public
-COPY --from=builder /app/.next/standalone ./
-COPY --from=builder /app/.next/static ./.next/static
-COPY --from=builder /app/.next/server ./.next/server
+# Create a non-root user
+RUN addgroup --system --gid 1001 nodejs && \
+    adduser --system --uid 1001 nextjs
 
-RUN mkdir -p /app/app/mcp && chmod 777 /app/app/mcp
+# Copy built application
+COPY --from=builder /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+# Create and set up MCP directory
+RUN mkdir -p /app/app/mcp && \
+    chmod 777 /app/app/mcp
 COPY --from=builder /app/app/mcp/mcp_config.default.json /app/app/mcp/mcp_config.json
 
+# Switch to non-root user
+USER nextjs
+
 EXPOSE 3000
 
+ENV PORT 3000
+ENV HOSTNAME "0.0.0.0"
+
+# Start the application
 CMD if [ -n "$PROXY_URL" ]; then \
-    export HOSTNAME="0.0.0.0"; \
     protocol=$(echo $PROXY_URL | cut -d: -f1); \
     host=$(echo $PROXY_URL | cut -d/ -f3 | cut -d: -f1); \
     port=$(echo $PROXY_URL | cut -d: -f3); \
-    conf=/etc/proxychains.conf; \
+    conf=/tmp/proxychains.conf; \
     echo "strict_chain" > $conf; \
     echo "proxy_dns" >> $conf; \
     echo "remote_dns_subnet 224" >> $conf; \
@@ -61,7 +83,6 @@ CMD if [ -n "$PROXY_URL" ]; then \
     echo "localnet ::1/128" >> $conf; \
     echo "[ProxyList]" >> $conf; \
     echo "$protocol $host $port" >> $conf; \
-    cat /etc/proxychains.conf; \
     proxychains -f $conf node server.js; \
     else \
     node server.js; \