diff --git a/Dockerfile b/Dockerfile
index 2cc30bd..c2aee91 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,41 +1,42 @@
-# syntax = docker/dockerfile:1
+# Install CA certificates.
+FROM docker.io/library/alpine:latest AS ca-certificates-builder
+RUN apk --no-cache add ca-certificates
 
 # Build supervisor.
-FROM golang:1.25-alpine AS supervisor-builder
+FROM docker.io/library/golang:1.25-alpine AS supervisor-builder
 RUN apk --no-cache add git
 WORKDIR /build
-RUN git clone https://github.com/ochinchina/supervisord --branch v0.7.3 .
-RUN GOBIN=/usr/bin go install
+RUN git clone https://github.com/ochinchina/supervisord . && \
+    git checkout 16cb640325b3a4962b2ba17d68fb5c2b1e1b6b3c
+RUN GOBIN=/usr/bin go install -ldflags "-s -w"
 
 # Build Caddy with S3 storage backend.
-FROM caddy:2.10.2-builder AS caddy-builder
+FROM docker.io/library/caddy:2.10.2-builder AS caddy-builder
 RUN xcaddy build ${CADDY_VERSION} \
-    --with github.com/ss098/certmagic-s3
+    --with github.com/ss098/certmagic-s3=github.com/whitequark/certmagic-s3@v0.0.0-20250919212902-21ac26c15951
 
 # Build git-pages.
-FROM golang:1.25-alpine AS git-pages-builder
+FROM docker.io/library/golang:1.25-alpine AS git-pages-builder
 RUN apk --no-cache add git
 WORKDIR /build
 COPY go.mod go.sum ./
 RUN go mod download
 COPY src/ ./src/
-RUN go build -a -o git-pages ./src
+RUN go build -ldflags "-s -w" -o git-pages ./src
 
 # Compose git-pages and Caddy.
-FROM alpine:latest
-RUN apk --no-cache add ca-certificates
-COPY --from=supervisor-builder /usr/bin/supervisord /usr/bin/supervisord
-COPY --from=caddy-builder /usr/bin/caddy /usr/bin/caddy
-COPY --from=git-pages-builder /build/git-pages /usr/bin/git-pages
+FROM docker.io/library/busybox:1.37.0-musl
+COPY --from=ca-certificates-builder /etc/ssl/cert.pem /etc/ssl/cert.pem
+COPY --from=supervisor-builder /usr/bin/supervisord /bin/supervisord
+COPY --from=caddy-builder /usr/bin/caddy /bin/caddy
+COPY --from=git-pages-builder /build/git-pages /bin/git-pages
 
 WORKDIR /app
 RUN mkdir /app/data
-COPY Caddyfile /app/Caddyfile
-COPY config.toml.example /app/config.toml
-
-RUN addgroup -g 1000 -S appuser && adduser -u 1000 -S appuser -G appuser
-RUN chown -R appuser:appuser /app
-USER appuser
+COPY conf/supervisord.conf /app/supervisord.conf
+COPY conf/Caddyfile /app/Caddyfile
+RUN caddy adapt -c Caddyfile -p >/app/caddy.json
+COPY conf/config.toml.example /app/config.toml
 
 # Caddy ports:
 EXPOSE 80 443 2019
@@ -45,20 +46,8 @@ EXPOSE 3000 3001 3002
 # While the default command is to run git-pages standalone, the intended configuration
 # is to use it with Caddy and store both site data and credentials to an S3-compatible
 # object store.
-
-# In a combined configuration, the same container may be used twice, launching either
-# `git-caddy` or `caddy run` to start both services.
-COPY <<EOF supervisord.conf
-[program-default]
-stderr_logfile = /dev/stderr
-stopsignal = TERM
-autorestart = true
-[program:pages]
-command = git-pages
-[program:caddy]
-command = caddy run
-depends_on = pages
-EOF
-
-# In a standalone configuration (the default) use port 3000 (http) to connect to git-caddy.
+#  * In a standalone configuration, the default, git-caddy listens on port 3000 (http).
+#  * In a combined configuration, supervisord launches both git-caddy and Caddy, and
+#    Caddy listens on ports 80 (http) and 443 (https).
 CMD ["git-pages"]
+# CMD ["supervisord"]
diff --git a/README.md b/README.md
index 5ff5cd1..46ee12c 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ You will need [Go](https://go.dev/) 1.25 or newer. Run:
 
 ```console
 $ mkdir -p data
-$ cp config.toml.example config.toml
+$ cp conf/config.toml.example config.toml
 $ INSECURE=very go run ./src
 ```
 
diff --git a/config.toml.example b/conf/config.toml.example
similarity index 100%
rename from config.toml.example
rename to conf/config.toml.example
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index 952a745..0000000
--- a/docker-compose.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-  git-pages:
-    build:
-      context: https://codeberg.org/whitequark/git-pages.git
-      dockerfile: ./Dockerfile
-    restart: always
-    user: "1000:1000"
-    volumes:
-      - ./git-pages/config.toml:/app/config.toml
-      - ./git-pages/data:/data
diff --git a/fly.toml b/fly.toml
index 57e4b65..f5c0cfa 100644
--- a/fly.toml
+++ b/fly.toml
@@ -6,7 +6,7 @@
 #  - GIT_PAGES_CONFIG
 
 [build]
-image = "registry.fly.io/git-pages:latest"
+dockerfile = "Dockerfile"
 
 [experimental]
 cmd = ["supervisord"]
diff --git a/nix/pkgs/image.nix b/nix/pkgs/image.nix
deleted file mode 100644
index a70ad43..0000000
--- a/nix/pkgs/image.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{
-  caddy,
-  callPackage,
-  dockerTools,
-  git-pages,
-  pkgsStatic,
-  runtimeShell,
-  self,
-  upx,
-  writeTextDir,
-  ...
-}:
-
-let
-  caddy' =
-    (caddy.withPlugins {
-      plugins = [
-        "github.com/ss098/certmagic-s3=github.com/whitequark/certmagic-s3@v0.0.0-20250919212902-21ac26c15951"
-      ];
-
-      hash = "sha256-Mx+jSvjNt6y7mK4aP/YERmCPWx5UTGTyH2dbXUJ9+UY=";
-    }).overrideAttrs
-      (oldAttrs: {
-        buildInputs = with pkgsStatic; [
-          musl
-        ];
-
-        ldflags = oldAttrs.ldflags ++ [
-          "-linkmode external"
-          "-extldflags -static"
-          "-s -w"
-        ];
-      });
-
-  supervisord = callPackage ./supervisord.nix { };
-in
-dockerTools.buildImage {
-  name = "git-pages";
-  tag = "latest";
-
-  copyToRoot = with dockerTools; [
-    caCertificates
-  ];
-
-  runAsRoot = ''
-    #!${runtimeShell}
-
-    mkdir -p /app/data
-    mkdir /bin
-
-    cp ${self}/config.toml.example /app/config.toml
-    ${caddy'}/bin/caddy adapt --config ${self}/conf/Caddyfile >/app/caddy.json
-    cp ${self}/conf/supervisord.conf /app/supervisord.conf
-
-    cp ${caddy'}/bin/caddy /bin/caddy
-    cp ${git-pages}/bin/git-pages /bin/git-pages
-    cp ${supervisord}/bin/supervisord /bin/supervisord
-
-    chmod +w /bin/*
-    ${upx}/bin/upx /bin/*
-  '';
-
-  config = {
-    Cmd = [ "/bin/git-pages" ];
-    WorkingDir = "/app";
-  };
-}
diff --git a/nix/pkgs/supervisord.nix b/nix/pkgs/supervisord.nix
deleted file mode 100644
index a859823..0000000
--- a/nix/pkgs/supervisord.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{
-  buildGoModule,
-  fetchFromGitHub,
-  fetchpatch,
-  lib,
-  pkgsStatic,
-  ...
-}:
-
-buildGoModule rec {
-  pname = "supervisord";
-  version = "0.7.3";
-
-  src = fetchFromGitHub {
-    owner = "ochinchina";
-    repo = pname;
-    rev = "16cb640325b3a4962b2ba17d68fb5c2b1e1b6b3c";
-    hash = "sha256-NPlU2f+zXw1qHWKTyTghQmulDuphpLZ3K/Pr/K9J7KI=";
-  };
-
-  buildInputs = with pkgsStatic; [
-    musl
-  ];
-
-  tags = [
-    "release"
-  ];
-
-  ldflags = [
-    "-linkmode external"
-    "-extldflags -static"
-    "-s -w"
-  ];
-
-  subPackages = ".";
-
-  vendorHash = "sha256-W/68Kq5Z9+7fUKQGq1/hI12pLznlKRYw7x464ZJVxtM=";
-
-  preBuild = ''
-    go generate -tags ${lib.concatStringsSep "," tags}
-  '';
-}