diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 4e76f72e..00000000
--- a/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM php:8.1.8-fpm
-
-COPY . /code
-
-RUN docker-php-ext-install pdo pdo_mysql
-RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev libonig-dev
-RUN docker-php-ext-install mbstring
-RUN apt-get update -y && apt-get install -y libmcrypt-dev
-# RUN docker-php-ext-install -j$(nproc) mcrypt
-RUN docker-php-ext-install iconv
-RUN apt-get update -y && apt-get install -y imagemagick
-RUN apt-get update -y && apt-get install -y graphicsmagick
-RUN apt-get update -y && apt-get install -y gifsicle
-# RUN docker-php-ext-configure gd
-# --with-jpeg=/usr/include
-# --with-png-dir=/usr \
-RUN docker-php-ext-install gd
-RUN apt-get update -y \
- && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev git \
- && pecl install memcached \
- && echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini \
- && apt-get remove -y build-essential libmemcached-dev libz-dev \
- && apt-get autoremove -y \
- && apt-get clean \
- && rm -rf /tmp/pear \
- && curl -sS https://getcomposer.org/installer -o composer-setup.php \
- && php composer-setup.php --install-dir=/usr/local/bin --filename=composer \
- && docker-php-ext-install bcmath \
- && cd /code && composer install
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 0008c064..9ae4f02f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,23 +1,30 @@
 services:
 #nginx webserver + php 8.x
 web:
- image: nginx:1.25.3-alpine
+ build:
+ context: .
+ dockerfile: ./docker/nginx/Dockerfile
 ports:
 - "8080:80"
 depends_on:
 - db
 volumes:
 - ./:/code
- - ./site.conf:/etc/nginx/conf.d/default.conf
+ - ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf
+ - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
+ - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
 networks:
 leftchan_net:
 ipv4_address: 172.20.0.3
 links:
 - php
 php:
- build: .
+ build:
+ context: .
+ dockerfile: ./docker/php/Dockerfile
 volumes:
 - ./:/code
+ - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
 networks:
 leftchan_net:
 ipv4_address: 172.20.0.4
@@ -42,4 +49,4 @@ networks:
 ipam:
 driver: default
 config:
- - subnet: 172.20.0.0/16
\ No newline at end of file
+ - subnet: 172.20.0.0/16
diff --git a/docker/common-setup.sh b/docker/common-setup.sh
new file mode 100755
index 00000000..bf30bd20
--- /dev/null
+++ b/docker/common-setup.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -eu
+
+install -m 775 -o leftypol -g leftypol -d /var/www-leftypol
+ln -s \
+ /code/banners/ \
+ /code/static/ \
+ /code/stylesheets/ \
+ /code/tools/ \
+ /code/walls/ \
+ /code/*.php \
+ /code/404.html \
+ /code/LICENSE.* \
+ /code/robots.txt \
+ /code/install.sql \
+ /var/www-leftypol/
+
+install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/js
+ln -s /code/js/* /var/www-leftypol/js/
+
+install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates
+install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache
+ln -s /code/templates/* /var/www-leftypol/templates/
+
+install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/inc
+ln -s /code/inc/* /var/www-leftypol/inc/
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
new file mode 100644
index 00000000..e58381da
--- /dev/null
+++ b/docker/nginx/Dockerfile
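Review bot: Nothing in this hunk shares `/var/www-leftypol` between the `web` and `php` services, although both images now build that directory separately and nginx serves from it (`root /var/www-leftypol;`). Only `/code` is a common bind mount, so any file PHP writes under its own `/var/www-leftypol` at runtime would not be visible to nginx; this is inferred from the files in this commit and may be handled elsewhere. If generated pages are expected there, a volume mounted at the same path in both services (for example `- leftypol-www:/var/www-leftypol`, a name constructed here) would close the gap. The `./:/code` mount also hands the whole checkout, writable, to both containers; `- ./:/code:ro` on the `web` service would be a cheap restriction if nginx never needs to write to it.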
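Review bot: `inc/`, `templates/`, `tools/` and `install.sql` are linked into `/var/www-leftypol`, which `leftypol.conf` uses as the document root, and no location in this commit denies them. That leaves the SQL schema downloadable and lets include-only PHP files be requested directly through the `\.php$` location; whether that matters depends on guards inside those files, which are not visible here. If browsers do not need these paths, add explicit denies on the nginx side, e.g. `location = /install.sql { return 404; }` and `location ^~ /inc/ { return 404; }`. A short header comment would also help: `# Builds /var/www-leftypol as a symlink view of /code; must run as root after the leftypol user and group exist.`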
@@ -0,0 +1,11 @@
+FROM nginx:1.25.3-alpine
+
+COPY . /code
+RUN addgroup --system leftypol \
+ && adduser --system leftypol \
+ && adduser leftypol leftypol \
+ && /code/docker/common-setup.sh
+
+
+CMD ["nginx", "-g", "daemon off;"]
+EXPOSE 80 443
\ No newline at end of file
diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf
new file mode 100644
index 00000000..eada8ee9
--- /dev/null
+++ b/docker/nginx/leftypol.conf
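Review bot: `COPY . /code` puts the entire build context into an image layer just so `common-setup.sh` can expand its globs, and at runtime compose mounts `./` over `/code` anyway. Unless a `.dockerignore` exists outside this diff, that layer will include `.git` and any local configuration or credential files in the checkout, and they stay retrievable from the image even though the bind mount hides them. Add a `.dockerignore` covering at least `.git` and local secrets/config. `EXPOSE 80 443` also advertises 443 while `leftypol.conf` only has `listen 80`; `EXPOSE 80` would match the config.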
@@ -0,0 +1,66 @@
+upstream php-upstream {
+ server php:9000;
+}
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+ server_name leftypol;
+ root /var/www-leftypol;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Content-Type-Options "nosniff";
+
+ index index.html index.php;
+
+ charset utf-8;
+
+ location ~ ^([^.\?]*[^\/])$ {
+ try_files $uri @addslash;
+ }
+
+ # Expire rules for static content
+ # Media: images, icons, video, audio, HTC
+ location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
+ expires 1M;
+ access_log off;
+ log_not_found off;
+ add_header Cache-Control "public";
+ }
+ # CSS and Javascript
+ location ~* \.(?:css|js)$ {
+ expires 1y;
+ access_log off;
+ log_not_found off;
+ add_header Cache-Control "public";
+ }
+
+ location ~* \.(html)$ {
+ expires -1;
+ }
+
+ location @addslash {
+ return 301 $uri/;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$is_args$args;
+ }
+
+ client_max_body_size 2G;
+
+ location ~ \.php$ {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Request-Id $x_request_id;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header Forwarded-Request-Id $x_request_id;
+ fastcgi_pass php-upstream;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_read_timeout 600;
+ include fastcgi_params;
+ }
+
+ location = /favicon.ico { access_log off; log_not_found off; }
+ location = /robots.txt { access_log off; log_not_found off; }
+}
\ No newline at end of file
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
new file mode 100644
index 00000000..8a4ba95f
--- /dev/null
+++ b/docker/nginx/nginx.conf
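Review bot: The server-level `add_header X-Frame-Options` and `add_header X-Content-Type-Options` will not be sent from the media and css/js locations, because nginx stops inheriting `add_header` in any block that declares its own (`add_header Cache-Control "public";`). Those are the locations where `nosniff` matters most if user-supplied files are served, so repeat `add_header X-Content-Type-Options "nosniff";` (and the frame header) inside both blocks, or put the shared headers in a snippet that each block includes. Separately, the five `proxy_set_header` lines in the `\.php$` location have no effect next to `fastcgi_pass`; values meant for PHP need `fastcgi_param`, e.g. `fastcgi_param HTTP_X_REQUEST_ID $x_request_id;`.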
@@ -0,0 +1,33 @@
+# This and proxy.conf are based on
+# https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf
+
+user leftypol;
+worker_processes auto;
+# daemon off;
+# error_log /var/log/nginx/error.log warn;
+error_log /dev/stdout warn;
+pid /var/run/nginx.pid;
+events {
+ worker_connections 1024;
+}
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ #access_log /var/log/nginx/access.log;
+ # Switch logging to console out to view via Docker
+ access_log /dev/stdout;
+ error_log /dev/stdout warn;
+ sendfile on;
+ keepalive_timeout 5;
+
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_vary on;
+ gzip_comp_level 6;
+ gzip_types text/xml text/plain text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php;
+ gzip_disable "MSIE [1-6]\.";
+
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-available/*.conf;
+}
\ No newline at end of file
diff --git a/docker/nginx/proxy.conf b/docker/nginx/proxy.conf
new file mode 100644
index 00000000..bc22ea34
--- /dev/null
+++ b/docker/nginx/proxy.conf
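Review bot: `gzip_types` lists `application/atom_xml`, which is not a MIME type nginx will ever see; it was presumably meant to be `application/atom+xml`, so Atom responses go uncompressed. `application/x-httpd-php` in the same list is also inert, since responses from FPM carry their real content type. The `http` block does not set `server_tokens off;`, so the nginx version is disclosed in the `Server` header and on error pages. `error_log /dev/stdout warn;` is declared both at top level and inside `http`; one is enough.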
@@ -0,0 +1,40 @@
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=czone:4m max_size=50m inactive=120m;
+proxy_temp_path /var/tmp/nginx;
+proxy_cache_key "$scheme://$host$request_uri";
+
+
+map $http_forwarded_request_id $x_request_id {
+ "" $request_id;
+ default $http_forwarded_request_id;
+}
+
+map $http_forwarded_forwarded_host $forwardedhost {
+ "" $host;
+ default $http_forwarded_forwarded_host;
+}
+
+
+map $http_x_forwarded_proto $fcgi_https {
+ default "";
+ https on;
+}
+
+map $http_x_forwarded_proto $real_scheme {
+ default $scheme;
+ https https;
+}
+
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+
+real_ip_header X-Forwarded-For;
+
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 172.18.0.0/12;
+set_real_ip_from 192.168.0.0/24;
+set_real_ip_from 127.0.0.0/8;
+
+real_ip_recursive on;
\ No newline at end of file
diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
new file mode 100644
index 00000000..cb2225bb
--- /dev/null
+++ b/docker/php/Dockerfile
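Review bot: `real_ip_header X-Forwarded-For` with `real_ip_recursive on` trusts every listed private range, so any peer whose source address falls in those ranges can set the client IP that nginx, and through `REMOTE_ADDR` in `fastcgi_params` the PHP application, will record. With port 8080 published straight from compose, that may include the Docker bridge gateway acting on behalf of arbitrary clients; this depends on the host's networking and is not visible in the diff. Restrict `set_real_ip_from` to the address of the reverse proxy actually in front of this container, e.g. `set_real_ip_from <reverse-proxy-address>;`, and drop the realip block when there is none. `172.18.0.0/12` is not on a /12 boundary and is already covered by `172.16.0.0/12`. `$forwardedhost`, `$fcgi_https` and `$real_scheme` are defined but not referenced by the configs in this commit.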
@@ -0,0 +1,47 @@
+# Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile
+
+FROM composer AS composer
+FROM php:8.1-fpm-bullseye
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+COPY . /code
+
+RUN apt-get update && apt-get upgrade -y && apt-get install -y \
+ zlib1g-dev libicu-dev g++ \
+ libjpeg62-turbo-dev \
+ libzip-dev \
+ libpng-dev \
+ libwebp-dev \
+ libfreetype6-dev \
+ libxml2-dev \
+ git \
+ zip \
+ ffmpeg \
+ libonig-dev \
+ unzip \
+ libcurl4-openssl-dev \
+ libmagickwand-dev \
+ gifsicle \
+ graphicsmagick \
+ gettext \
+ imagemagick \
+ locales locales-all \
+ libmagickwand-dev \
+ libmcrypt-dev \
+ && docker-php-ext-configure gd \
+ --with-webp=/usr/include/webp \
+ --with-jpeg=/usr/include \
+ --with-freetype=/usr/include/freetype2/ \
+ && pecl install redis \
+ && pecl install imagick \
+ && pecl install -o -f igbinary \
+ && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
+ && docker-php-ext-enable igbinary redis imagick \
+ && useradd -MU leftypol \
+ && /code/docker/common-setup.sh \
+ && ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \
+ && cd /var/www-leftypol && composer install
+
+# RUN /code/docker/common-setup.sh php
+WORKDIR "/var/www-leftypol"
+CMD ["php-fpm"]
+EXPOSE 9000
\ No newline at end of file
diff --git a/docker/php/www.conf b/docker/php/www.conf
new file mode 100644
index 00000000..07fa7c28
--- /dev/null
+++ b/docker/php/www.conf
@@ -0,0 +1,9 @@
+[www]
+user = leftypol
+group = leftypol
+listen = 127.0.0.1:9000
+pm = static
+pm.max_children = 16
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
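Review bot: `FROM composer AS composer` pulls whatever `latest` is at build time, and the binary copied from it is later run as root by `composer install`. Pin it, e.g. `FROM composer:2 AS composer`, ideally with a digest (`composer:2@sha256:<digest>`). `COPY . /code` sits above the large `RUN`, so any source edit invalidates the whole package/extension layer and, absent a `.dockerignore`, bakes `.git` and local config into the image. The `RUN` also leaves `g++`, the `-dev` packages and the apt lists in the final image; `--no-install-recommends` plus `rm -rf /var/lib/apt/lists/*` in the same layer would trim that. `composer install` writes `vendor/` under `/var/www-leftypol`, where FPM will execute any `.php` path nginx forwards; `composer install --no-dev` keeps development-only packages out of it.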
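Review bot: `listen = 127.0.0.1:9000` binds FPM to loopback inside the `php` container, while `leftypol.conf` sends requests to `server php:9000;` from a different container. The official php-fpm image normally ships a later-loaded pool file that resets `listen` to `9000`, which would mask this line, but the setting is then misleading and breaks the stack if that override goes away; `listen = 9000` states what actually has to happen. With `pm = static`, `pm.start_servers`, `pm.min_spare_servers` and `pm.max_spare_servers` are ignored, so either drop them or switch to `pm = dynamic`.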