diff --git a/Dockerfile b/Dockerfile index 255f4f56b883468cca302aee40e91fd94c3661a4..86fc5d6a71c0ba5c94bd2afa0024121eda91c6e9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,26 +2,42 @@ FROM golang:alpine as server-builder -WORKDIR /server - RUN apk update && apk upgrade && \ apk add --no-cache bash git openssh build-base && \ apk add --no-cache git ca-certificates tzdata libcap mailcap && \ update-ca-certificates + +# Create appuser +ENV USER=appuser +ENV UID=1000 +# See https://stackoverflow.com/a/55757473/12429735 +RUN adduser \ + --disabled-password \ + --gecos "" \ + --home "/nonexistent" \ + --shell "/sbin/nologin" \ + --no-create-home \ + --uid "${UID}" \ + "${USER}" + +WORKDIR /app + ADD . . + +RUN chown -Rf "${UID}" ./* + +RUN go version RUN go get -d -v && \ go test ./... && \ - go build -o server - + go build -o /app/server -RUN setcap cap_net_bind_service=+ep server +RUN setcap cap_net_bind_service=+ep /app/server # Running... FROM scratch WORKDIR /app -COPY --from=server-builder /server/server /app COPY --from=server-builder /usr/share/zoneinfo /usr/share/zoneinfo COPY --from=server-builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ COPY --from=server-builder /etc/passwd /etc/passwd @@ -29,10 +45,10 @@ COPY --from=server-builder /etc/group /etc/group COPY --from=server-builder /etc/mime.types /etc/mime.types # Copy static executable and application resources -COPY --from=server-builder /server/server /app/server -COPY --from=server-builder /server/dev_certificates /app/dev_certificates -COPY --from=server-builder /server/web /app/web -COPY --from=server-builder /server/configs /app/configs +COPY --from=server-builder /app/server /app/server +COPY --from=server-builder /app/dev_certificates /app/dev_certificates +COPY --from=server-builder /app/web /app/web +COPY --from=server-builder /app/configs /app/configs # Use an unprivileged user. USER appuser:appuser
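Review bot: The added `RUN chown -Rf "${UID}" ./*` changes file ownership but not privilege: no `USER` instruction follows it in the builder stage, so `go get`, `go test` and `go build` still execute as root against everything `ADD . .` brought in. The `./*` glob also skips top-level dotfiles, `-f` hides any failure, and a separate `RUN chown` layer stores the copied tree a second time. If the sources are meant to belong to the new account, set that at copy time with `COPY --chown=appuser:appuser . .` and drop the `chown` step. Whether that ownership reaches the final image is decided by the `COPY --from` lines in the scratch stage, none of which pass `--chown`.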
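Review bot: `COPY --from=server-builder /app/dev_certificates /app/dev_certificates` ships a directory named for development certificates in the runtime image, and the path change carries that over without saying why it belongs there. If the directory holds private keys, anyone who can pull the image can read them, so a production image should take its TLS material from a mounted secret or volume instead. At minimum add a comment on that line, e.g. `# dev-only TLS material; override with a mounted secret in production`, or move the copy into a separate development target. The directory's contents are not visible in this diff, so confirm what it holds before deciding.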