diff --git a/.dockerignore b/.dockerignore
index 16e1d8d..c584529 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,5 @@
 /config
+/ptth_build_*
+/ptth_server_build_*
 /ptth_latest.tar.gz
 /target
diff --git a/.gitignore b/.gitignore
index b207857..3ad07a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
-/config
 /*.tar.gz
+/app_packages
+/config
 /ptth_server.toml
 /ptth_relay.toml
 /ptth_build_L6KLMVS6/
diff --git a/Dockerfile b/Dockerfile
index d53f783..d8710e2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,8 +4,6 @@
 # rust:1.48-slim-buster
 FROM rust@sha256:cb6b98346ef41a2062d4d8f099127d880f2ef7c1515d00215fc9ea713b99167b as build
-#RUN apk add libseccomp-dev
-
 WORKDIR /
 ENV USER root
@@ -62,21 +60,21 @@ cargo build --release -p ptth_relay && \
 cargo test --release -p ptth_relay
 # debian:buster-slim
-FROM debian@sha256:240f770008bdc538fecc8d3fa7a32a533eac55c14cbc56a9a8a6f7d741b47e33
+FROM debian@sha256:13f0764262a064b2dd9f8a828bbaab29bdb1a1a0ac6adc8610a0a5f37e514955
 RUN apt-get update \
 && apt-get upgrade -y \
 && apt-get install -y libssl1.1 ca-certificates tini
-RUN addgroup --gid 10001 nonroot && adduser --system --uid 10000 --gid 10001 nonroot
+RUN addgroup --gid 10001 ptth_user && adduser --system --uid 10000 --gid 10001 ptth_user
-USER nonroot
-WORKDIR /home/nonroot
+USER ptth_user
+WORKDIR /home/ptth_user
 COPY --from=build /ptth/target/release/ptth_relay ./
-COPY --from=build /ptth/handlebars ./handlebars
+COPY --from=build /ptth/handlebars/relay ./handlebars/relay
 ARG git_version
 RUN echo -n "$git_version" > ./git_version.txt
-ENTRYPOINT ["/usr/bin/tini", "--", "./ptth_relay"]
+CMD ["/usr/bin/tini", "--", "./ptth_relay"]
diff --git a/app_package_Dockerfile b/app_package_Dockerfile
new file mode 100644
index 0000000..a5e313b
--- /dev/null
+++ b/app_package_Dockerfile
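Review bot: In `Dockerfile`, the last line of the final stage now places tini inside `CMD`, so any command given to `docker run` replaces tini together with the relay; `build_app_package.bash` relies on that override for `tar -c …`, but a relay started with custom arguments would then run as PID 1 with no init to forward signals or reap children. Splitting the two keeps tini in front of every command while still allowing the override: `ENTRYPOINT ["/usr/bin/tini", "--"]` followed by `CMD ["./ptth_relay"]`. Separately, the base digest changed while the `# debian:buster-slim` comment above it did not, so the comment no longer says which snapshot is pinned; adding the pull date to it, e.g. `# debian:buster-slim, pulled <DATE>`, would make the pin auditable.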
@@ -0,0 +1,15 @@
+# debian:buster-slim
+FROM debian@sha256:13f0764262a064b2dd9f8a828bbaab29bdb1a1a0ac6adc8610a0a5f37e514955
+
+RUN apt-get update \
+&& apt-get upgrade -y \
+&& apt-get install -y libssl1.1 ca-certificates tini
+
+RUN addgroup --gid 10001 ptth_user && adduser --system --uid 10000 --gid 10001 ptth_user
+
+USER ptth_user
+WORKDIR /home/ptth_user
+
+COPY ./run_app_package.bash ./
+
+ENTRYPOINT ["/usr/bin/tini", "--", "bash", "./run_app_package.bash"]
diff --git a/build_app_package.bash b/build_app_package.bash
new file mode 100755
index 0000000..4eb8b68
--- /dev/null
+++ b/build_app_package.bash
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+GIT_COMMITISH=$(git rev-parse main)
+
+mkdir -p app_packages
+
+git archive --format=tar "$GIT_COMMITISH" | sudo docker build -t ptth:latest --build-arg "git_version=$GIT_COMMITISH" -
+
+sudo docker run --rm ptth:latest tar -c ptth_relay handlebars | gzip > app_packages/garbage.tar.gz
diff --git a/run_app_package.bash b/run_app_package.bash
new file mode 100755
index 0000000..c93aebe
--- /dev/null
+++ b/run_app_package.bash
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+tar -xf "$1"
+
+exec ./ptth_relay
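Review bot: In `app_package_Dockerfile`, the apt `RUN` layer installs recommended packages and leaves the package index in the image, which adds unneeded contents to a runtime image whose only job is to execute an externally supplied binary. I would change its last line to `&& apt-get install -y --no-install-recommends libssl1.1 ca-certificates tini \` and append `&& rm -rf /var/lib/apt/lists/*`. Because `apt-get upgrade -y` runs after a digest-pinned `FROM`, the installed package set still depends on the build date; if that is intended so that security fixes land, a comment such as `# upgrade kept on purpose: the pinned base lags security updates` would record it. The same layer is repeated in the final stage of `Dockerfile`, so the two copies can drift apart.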
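Review bot: `build_app_package.bash` sets no error handling, so if the `git archive … | sudo docker build` line fails the script still runs `docker run … ptth:latest` against whatever image last carried that tag and packages a stale binary without reporting anything. Add `set -euo pipefail` directly after the shebang, as `run_app_package.bash` already does; `pipefail` also covers the last line, where a failing `docker run` is otherwise masked by `gzip` and leaves a truncated archive behind. The fixed output name `garbage.tar.gz` does not say which commit it was built from, whereas `"app_packages/ptth_$GIT_COMMITISH.tar.gz"` would tie the artifact to its source.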
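Review bot: In `run_app_package.bash`, `tar -xf "$1"` unpacks a caller-supplied archive into the working directory and the next line executes `./ptth_relay` from it, with nothing confirming that the archive is the one that was built. If packages can arrive over anything other than a trusted channel, check a digest before extraction, for example by taking the expected SHA-256 as a second argument and running `echo "$2  $1" | sha256sum -c -` ahead of the `tar` line. A missing argument currently stops with bash's bare unbound-variable message; `: "${1:?usage: run_app_package.bash PACKAGE.tar.gz}"` before the `tar` line would make the failure self-explanatory.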