diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..5b4a20b
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,85 @@
+# workspace:
+# base: /workspace
+# path: src/git.nixaid.com/arno/myapp/
+#
+# branches:
+# - master
+
+pipeline:
+ restore_cache:
+ image: drillster/drone-volume-cache:latest
+ restore: true
+ mount:
+ - /drone/docker
+ # Set the ``DRONE_VOLUME=/tmp/drone-cache:/cache`` drone-server variable,
+ # so you can benefit from the caching.
+ # Otherwise you will have to make this repository trusted in Drone and use
+ # the volumes as follows.
+ # volumes:
+ # - /tmp/drone-cache:/cache
+
+ # drone repo add arno/lychee
+ # drone secret add/update --name docker_username --value arno --event push --event tag --event deployment arno/lychee
+ # drone secret add/update --name docker_password --value "$(pass show vps/registry.nixaid.com | head -1)" --event push --event tag --event deployment arno/lychee
+ publish:
+ image: plugins/docker:17.12
+ # repo: andrey01/${DRONE_REPO_NAME}
+ registry: registry.nixaid.com
+ repo: registry.nixaid.com/arno/${DRONE_REPO_NAME}
+ tags:
+ - latest
+ # - ${DRONE_COMMIT_SHA:0:7}
+ # group: docker
+ # dockerfile: Dockerfile
+ secrets: [docker_username, docker_password]
+ # Since we restore the docker image cache to /drone/docker
+ storage_path: /drone/docker
+ use_cache: true
+ when:
+ event: [push, tag]
+ branch: master
+
+ rebuild_cache:
+ image: drillster/drone-volume-cache:latest
+ rebuild: true
+ mount:
+ - /drone/docker
+ # Set the ``DRONE_VOLUME=/tmp/drone-cache:/cache`` drone-server variable,
+ # so you can benefit from the caching.
+ # Otherwise you will have to make this repository trusted in Drone and use
+ # the volumes as follows.
+ # volumes:
+ # - /tmp/drone-cache:/cache
+
+ # ca_cert comes from /srv/data/registry/certs/ca.crt
+ claircheck:
+ # image: jmccann/drone-clair:1
+ image: andrey01/drone-clair
+ url: http://clair:6060
+ secrets: [ docker_username, docker_password ]
+ # ignore errors for now.
This will work only in drone 0.9 https://github.com/drone/drone-runtime/commit/3e8bd99f60f4032226523320cd2b2321f9525159
+ err_ignore: true
+ scan_image: registry.nixaid.com/arno/${DRONE_REPO_NAME}:latest
+ ca_cert: |
+ -----BEGIN CERTIFICATE-----
+ MIIBOjCB4KADAgECAgkAzhpbLWXa4H0wCgYIKoZIzj0EAwIwEDEOMAwGA1UEAwwF
+ bXktQ0EwHhcNMTgwNzA5MjIzMTAzWhcNMjgwNzA2MjIzMTAzWjAQMQ4wDAYDVQQD
+ DAVteS1DQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFIE8bTfQ76U5qG/Xgjw
+ BbQU0oRJLYlRxBIWF9MTNSJr2LoaoyrU8jrcWQGRrfKPoVuwUJWp2tp5SJy0AHH7
+ 4fijIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKkMAoGCCqGSM49
+ BAMCA0kAMEYCIQCYbTbxRD2yX4LzGjh84fKPWPQM9ps8RE2nfwZjqdRUGgIhAOHb
+ USigh6FzqEPk2jiaV3t1wNtChRWRfupTKG6CD345
+ -----END CERTIFICATE-----
+
+ notify:
+ image: drillster/drone-email:latest
+ from: Drone CI
+ subject: NIXAID Drone Pipeline {{#success build.status}}SUCCESS{{else}}FAILURE{{/success}} Notification
+ host: mail.nixaid.com
+ port: 587
+ # username: arno
+ # secrets: [ email_username, email_password ]
+ # recipients: [ andrey.arapov@nixaid.com ]
+ when:
+ status: [success, failure] # changed
+ event: [push, tag]
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0b5138f
--- /dev/null
+++ b/Dockerfile
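Review bot: In .drone.yml the `claircheck` step receives `docker_username` and `docker_password` while running `andrey01/drone-clair` with no tag, and both cache steps use `drillster/drone-volume-cache:latest`, so whatever those mutable tags resolve to at build time runs with the registry credentials or with write access to the `/drone/docker` layer cache that `publish` builds from. Pin each plugin image to a fixed version or digest, for example `image: andrey01/drone-clair@sha256:<digest>` (placeholder value). Separately, `publish` pushes `latest` before `claircheck` runs and `err_ignore: true` discards the result, so the scan is advisory only; scanning a commit-specific tag and promoting it to `latest` afterwards would turn it into a gate once the runner honours step failures.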
@@ -0,0 +1,59 @@
+FROM alpine:edge
+
+ARG LYCHEE_VERSION=3.1.6
+
+ENV UID=991 GID=991
+
+RUN echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
+ && BUILD_DEPS=" \
+ imagemagick-dev \
+ tar \
+ libressl \
+ ca-certificates \
+ build-base \
+ autoconf \
+ pcre-dev \
+ libtool" \
+ && apk -U upgrade && apk add \
+ ${BUILD_DEPS} \
+ nginx \
+ php7.1-mbstring@testing \
+ php7.1-fpm@testing \
+ php7.1-exif@testing \
+ php7.1-gd@testing \
+ php7.1-json@testing \
+ php7.1-mysqli@testing \
+ php7.1-zip@testing \
+ php7.1-session@testing \
+ php7.1-pear@testing \
+ php7.1-dev@testing \
+ s6 \
+ su-exec \
+ imagemagick \
+ && pecl install imagick \
+ && echo "extension=imagick.so" > /etc/php7.1/conf.d/imagick.ini \
+ && sed -i -e "s/max_execution_time = 30/max_execution_time = 200/g" \
+ -e "s/post_max_size = 8M/post_max_size = 100M/g" \
+ -e "s/upload_max_filesize = 2M/upload_max_filesize = 20M/g" \
+ -e "s/memory_limit = 256M/memory_limit = 512M/g" \
+ /etc/php7.1/php.ini \
+ && mkdir /lychee \
+ && apk del ${BUILD_DEPS} php7.1-pear php7.1-dev \
+ && rm -rf /var/cache/apk/* /tmp/*
+
+COPY . /lychee/
+
+RUN mv /lychee/docker/nginx.conf /etc/nginx/nginx.conf && \
+ mv /lychee/docker/php-fpm.conf /etc/php7.1/php-fpm.conf && \
+ mv /lychee/docker/s6.d /etc/ && \
+ mv /lychee/docker/run.sh /usr/local/bin/run.sh
+
+RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
+
+VOLUME /lychee/uploads /lychee/data
+
+EXPOSE 8888
+
+LABEL maintainer="Andrey Arapov "
+
+CMD ["run.sh"]
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 0000000..ccb22c2
--- /dev/null
+++ b/docker/README.md
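Review bot: In the Dockerfile, `COPY . /lychee/` places the entire build context under the directory that docker/nginx.conf serves as `root /lychee`, and that config denies only `/\.ht`, so anything in the context that is not moved away afterwards (for example `.git`, `.drone.yml`, the Dockerfile itself, `docker/README.md`) would be downloadable from the running container. No `.dockerignore` is added in this diff; unless one already exists in the repository, add one listing at least `.git`, `.drone.yml`, `Dockerfile` and `docker/README.md`. Separately, `FROM alpine:edge` with `@testing` packages and an unversioned `pecl install imagick` make the image non-reproducible, and `ARG LYCHEE_VERSION` is not referenced anywhere in the visible file.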
@@ -0,0 +1,26 @@
+## wonderfall/lychee
+
+![](http://lychee.electerious.com/assets/images/showcase.jpg)
+
+#### What is this?
+Lychee is a free photo-management tool, which runs on your server or web-space. Installing is a matter of seconds. Upload, manage and share photos like from a native application. Lychee comes with everything you need and all your photos are stored securely.
+
+#### Features
+- Based on Alpine Linux.
+- nginx + PHP7.
+- Active Imagemagick + pecl ext.
+
+#### Build-time variables
+- **LYCHEE_VERSION** : version of Lychee.
+- **IMAGICK_EXT_VERSION** : version of imagick pecl extension.
+
+#### Environment variables
+- **UID** : lychee user id *(default : 991)*.
+- **GID** : lychee group id *(default : 991)*.
+
+#### Volumes
+- **/lychee/uploads** : uploads.
+- **/lychee/data** : data files.
+
+#### Ports
+- **8888** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration)
diff --git a/docker/nginx.conf b/docker/nginx.conf
new file mode 100644
index 0000000..31c7bf8
--- /dev/null
+++ b/docker/nginx.conf
@@ -0,0 +1,88 @@
+worker_processes auto;
+pid /tmp/nginx.pid;
+daemon off;
+
+events {
+ worker_connections 1024;
+ use epoll;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log off;
+ error_log /tmp/ngx_error.log error;
+
+ sendfile on;
+ keepalive_timeout 15;
+ keepalive_disable msie6;
+ keepalive_requests 100;
+ tcp_nopush on;
+ tcp_nodelay on;
+ server_tokens off;
+
+ fastcgi_temp_path /tmp/fastcgi 1 2;
+ client_body_temp_path /tmp/client_body 1 2;
+ proxy_temp_path /tmp/proxy 1 2;
+ uwsgi_temp_path /tmp/uwsgi 1 2;
+ scgi_temp_path /tmp/scgi 1 2;
+
+ gzip on;
+ gzip_comp_level 5;
+ gzip_min_length 512;
+ gzip_buffers 4 8k;
+ gzip_proxied any;
+ gzip_vary on;
+ gzip_disable "msie6";
+ gzip_types
+ text/css
+ text/javascript
+ text/xml
+ text/plain
+ text/x-component
+ application/javascript
+ application/x-javascript
+ application/json
+ application/xml
+ application/rss+xml
+ application/vnd.ms-fontobject
+ font/truetype
+ font/opentype
+ image/svg+xml;
+
+ server {
+ listen 8888;
+ root /lychee;
+ index index.php index.html;
+ client_max_body_size 100M;
+
+ location / {
+ try_files $uri $uri/ /index.html;
+ }
+
+ location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)\$ {
+ access_log off;
+ expires 30d;
+ add_header Pragma public;
+ add_header Cache-Control "public, mustrevalidate, proxy-revalidate";
+ }
+
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.*\.php)(/.*)?$;
+ fastcgi_pass unix:/tmp/php-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_intercept_errors off;
+ fastcgi_buffer_size 16k;
+ fastcgi_buffers 4 16k;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ }
+
+}
diff --git a/docker/php-fpm.conf b/docker/php-fpm.conf
new file mode 100644
index 0000000..f636044
--- /dev/null
+++ b/docker/php-fpm.conf
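Review bot: In docker/nginx.conf the `location ~ \.php$` block hands every URI ending in `.php` to PHP-FPM without checking that the file exists, and nothing excludes the user-writable `/lychee/uploads` and `/lychee/data` volumes from script execution. Add `try_files $uri =404;` as the first line of that block and, above it, a rule such as `location ~ ^/(uploads|data)/.*\.php$ { deny all; }`; whether the application needs PHP under those paths should be confirmed first. The static-asset block also looks unintentionally dead: the `\$` in `...|woff)\$` matches a literal dollar sign rather than the end of the URI, so the pattern should end in `)$`, and `mustrevalidate` is presumably meant to be `must-revalidate`.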
@@ -0,0 +1,11 @@
+[global]
+daemonize = no
+
+[www]
+listen = /tmp/php-fpm.sock
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /
diff --git a/docker/run.sh b/docker/run.sh
new file mode 100644
index 0000000..790cd99
--- /dev/null
+++ b/docker/run.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+mkdir /lychee/uploads/big /lychee/uploads/import /lychee/uploads/medium /lychee/uploads/thumb
+chown -R $UID:$GID /lychee /etc/nginx /etc/php7.1 /var/log /var/lib/nginx /tmp /etc/s6.d
+exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d
diff --git a/docker/s6.d/.s6-svscan/finish b/docker/s6.d/.s6-svscan/finish
new file mode 100644
index 0000000..c52d3c2
--- /dev/null
+++ b/docker/s6.d/.s6-svscan/finish
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exit 0
diff --git a/docker/s6.d/nginx/run b/docker/s6.d/nginx/run
new file mode 100644
index 0000000..eaf8049
--- /dev/null
+++ b/docker/s6.d/nginx/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec nginx
diff --git a/docker/s6.d/php/run b/docker/s6.d/php/run
new file mode 100644
index 0000000..e0b458a
--- /dev/null
+++ b/docker/s6.d/php/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec php-fpm7.1
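Review bot: In docker/run.sh the `mkdir` has no `-p`, so on every restart with an already populated `/lychee/uploads` volume it reports errors, and because the script has no `set -e` a failed `chown` is likewise ignored before `exec su-exec` starts the services with whatever ownership is in place. Use `mkdir -p` for the four upload directories, add `set -eu` after the shebang, and quote the expansion as `"$UID:$GID"` in both the `chown` and the `su-exec` line. The recursive `chown` over all of `/lychee` also runs on each start, which may be slow on a large uploads volume.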