diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..acb6b04
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,11 @@
+.git
+.gitignore
+README.md
+*.md
+.env
+.env.local
+.DS_Store
+.air.toml
+docker-compose.yml
+.planning/
+tmp/
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..1c544c7
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,37 @@
+# Build stage - use native platform for fast builds
+FROM --platform=$BUILDPLATFORM golang:1.25-bookworm AS builder
+
+WORKDIR /build
+
+# Cache dependencies separately from source code
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build for target platform with static binary
+ARG TARGETOS TARGETARCH
+RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
+    go build -ldflags="-w -s" -o /server ./cmd/server
+
+# Runtime stage - debian slim for debugging capability
+FROM debian:bookworm-slim
+
+# Create non-root user for security
+RUN useradd -u 10001 -m appuser
+
+# Switch to non-root user
+USER appuser
+
+# Copy binary from build stage
+COPY --from=builder /server /usr/local/bin/server
+
+# Declare data volume mount point
+VOLUME /data
+
+# Expose application port
+EXPOSE 32768
+
+# Run the server
+CMD ["server"]