diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..b99378e
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+node_modules/
+.cache/
+public/
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ac25ff7..4f48df8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,6 +3,16 @@ name: CI
 on: [push, pull_request]
 
 jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+
+      - name: Build image
+        run: docker build . --tag notes
+
+      - name: Show image info
+        run: docker images
 
   build:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..d1f163f
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,21 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+
+      - name: Build production container
+        run: docker build --tag docker.pkg.github.com/${GITHUB_REPOSITORY,,}/notes:latest .
+
+      - name: Log into GitHub Docker Registry
+        run: echo ${{ secrets.GITHUB_TOKEN }} | docker login docker.pkg.github.com -u ${GITHUB_REPOSITORY%/*} --password-stdin
+
+      - name: Push the Docker container
+        run: docker push docker.pkg.github.com/${GITHUB_REPOSITORY,,}/notes:latest
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..43dd6d5
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+# Site Build
+FROM node:lts-slim as build
+
+ENV NODE_ENV production
+
+WORKDIR /app
+
+COPY . /app
+
+RUN npm ci --production
+
+RUN npm run build
+
+# Production run
+FROM nginx:stable-alpine
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+COPY --from=build /app/public/ /usr/share/nginx/html
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..e1cd436
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,55 @@
+user  nginx;
+worker_processes  auto;
+
+error_log  stderr;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+
+    access_log /dev/stdout;
+
+    server_tokens off;
+
+    sendfile on;
+
+    keepalive_timeout  65;
+
+    gzip on;
+    gzip_static on;
+
+    gzip_types *;
+
+    server {
+        listen       80;
+        server_name  localhost;
+        root   /usr/share/nginx/html;
+        index  index.html;
+
+        set_real_ip_from  0.0.0.0/0;
+        real_ip_header X-Forwarded-For;
+
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Content-Type-Options "nosniff";
+        add_header Referrer-Policy "same-origin";
+        add_header Strict-Transport-Security "max-age=5184000";
+
+        location /ping {
+            return 200 "PONG";
+        }
+
+        location ~* \.(png|jpg|gif|svg|txt|css|js|xml|eot|ttf|woff2|woff)$ {
+            add_header Cache-Control "public, max-age=0, must-revalidate";
+        }
+
+        error_page 404 /404.html;
+        error_page 500 502 503 504 /50x.html;
+    }
+}