diff --git a/gerboweb/Containerfile b/gerboweb/Containerfile
new file mode 100644
index 0000000..5733b48
--- /dev/null
+++ b/gerboweb/Containerfile
@@ -0,0 +1,18 @@
+FROM docker.io/archlinux:latest
+MAINTAINER gerbolyze@jaseg.de
+RUN pacman --noconfirm -Syu
+RUN pacman --noconfirm -Sy pugixml opencv pango cairo git python make clang cargo python-pip base-devel gerbv rsync tmux uwsgi uwsgi-plugin-python
+RUN cargo install usvg resvg
+RUN python3 -m pip install pip==21.3.1
+RUN python3 -m pip install flask numpy lxml wasmtime svg_flatten_wasi resvg_wasi flask_wtf
+RUN --mount=type=bind,rw,destination=/git \
+    cd /git/gerbonara && \
+    python3 -m pip --disable-pip-version-check install . && \
+    cd /git && \
+    python3 -m pip --disable-pip-version-check install .
+RUN mkdir /gerboweb
+ADD ["gerboweb/uwsgi-gerboweb.ini","gerboweb/gerboweb.py","gerboweb/job_processor.py","gerboweb/job_queue.py","/gerboweb/"]
+ADD ["gerboweb/static","/gerboweb/"]
+ADD ["gerboweb/templates","/gerboweb/"]
+ADD gerboweb/gerboweb_prod.cfg /gerboweb/gerboweb.cfg
+ENTRYPOINT uwsgi --ini /gerboweb/uwsgi-gerboweb.ini --chmod-socket=660 --socket=/run/uwsgi/socket
diff --git a/gerboweb/ansible/uwsgi-gerboweb.ini b/gerboweb/ansible/uwsgi-gerboweb.ini
index 155d01a..c88d321 100644
--- a/gerboweb/ansible/uwsgi-gerboweb.ini
+++ b/gerboweb/ansible/uwsgi-gerboweb.ini
@@ -7,4 +7,5 @@ plugins = python3
 chdir = /var/lib/gerboweb
 mount = /=gerboweb:app
 env = GERBOWEB_SETTINGS=gerboweb_prod.cfg
+mule = job_processor.py
 
diff --git a/gerboweb/gerboweb.py b/gerboweb/gerboweb.py
index 0a0dda0..6ab255c 100644
--- a/gerboweb/gerboweb.py
+++ b/gerboweb/gerboweb.py
@@ -6,6 +6,7 @@ import tempfile
 import uuid
 from functools import wraps
 from os import path
+from pathlib import Path
 import os
 import sqlite3
 
@@ -20,6 +21,11 @@ from job_queue import JobQueue
 
 app = Flask(__name__, static_url_path='/static')
 app.config.from_envvar('GERBOWEB_SETTINGS')
+if app.config['SECRET_KEY'] is None:
+    if (p := Path('/run/secrets/gerboweb')).isfile():
+        app.config['SECRET_KEY'] = p.read_bytes()
+    else:
+        app.config['SECRET_KEY'] = os.urandom(32)
 
 class UploadForm(FlaskForm):
     upload_file = FileField(validators=[DataRequired()])
diff --git a/gerboweb/gerboweb.cfg b/gerboweb/gerboweb_prod.cfg
similarity index 77%
rename from gerboweb/gerboweb.cfg
rename to gerboweb/gerboweb_prod.cfg
index 02ea211..1f4b0f8 100644
--- a/gerboweb/gerboweb.cfg
+++ b/gerboweb/gerboweb_prod.cfg
@@ -1,4 +1,3 @@
 MAX_CONTENT_LENGTH=10000000
-SECRET_KEY="FIXME: CHANGE THIS KEY"
 UPLOAD_PATH="/var/cache/gerboweb/upload"
 JOB_QUEUE_DB="/var/cache/gerboweb/job_queue.sqlite3"
diff --git a/gerboweb/uwsgi-gerboweb.ini b/gerboweb/uwsgi-gerboweb.ini
new file mode 100644
index 0000000..94aaa88
--- /dev/null
+++ b/gerboweb/uwsgi-gerboweb.ini
@@ -0,0 +1,11 @@
+[uwsgi]
+master = True
+cheap = True
+die-on-idle = False
+manage-script-name = True
+plugins = python3
+chdir = /gerboweb
+mount = /=gerboweb:app
+env = GERBOWEB_SETTINGS=gerboweb.cfg
+mule = job_processor.py
+