diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..ce80c73
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,36 @@
+# Build stage
+FROM golang:1.24-alpine AS builder
+
+WORKDIR /app
+
+# Copy go mod files
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build server
+RUN CGO_ENABLED=0 go build -o hash-of-wisdom ./cmd/server
+
+# Runtime stage
+FROM alpine:3.19
+
+# Create non-root user
+RUN addgroup -g 1001 -S hash-of-wisdom && \
+    adduser -u 1001 -S hash-of-wisdom -G hash-of-wisdom
+
+WORKDIR /app
+
+# Copy binary and config from builder stage with correct ownership
+COPY --from=builder --chown=hash-of-wisdom:hash-of-wisdom /app/hash-of-wisdom .
+COPY --from=builder --chown=hash-of-wisdom:hash-of-wisdom /app/config.yaml .
+
+# Switch to non-root user
+USER hash-of-wisdom
+
+# Expose ports
+EXPOSE 8080 8081
+
+# Run server with config file
+CMD ["./hash-of-wisdom", "-config", "config.yaml"]