diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..2f064172
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+*
+!target/universal/ot-platform-api-latest.zip
+!production.xml
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 5340006f..00000000
--- a/.travis.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-sudo: required
-language: scala
-scala:
-  - 2.13.10
-dist: xenial
-jdk:
-  - openjdk11
-services:
-  - docker
-env:
-  global:
-    - QUAY_REPO="quay.io/opentargets/platform-api"
-cache:
-  directories:
-    - $HOME/.cache/coursier
-    - $HOME/.ivy2/cache
-    - $HOME/.sbt
-before_cache:
-  - rm -fv $HOME/.ivy2/.sbt.ivy.lock
-  - find $HOME/.ivy2/cache -name "ivydata-*.properties" -print -delete
-  - find $HOME/.sbt        -name "*.lock"               -print -delete
-script:
-  - sbt ++${TRAVIS_SCALA_VERSION} scalafmtCheckAll
-  - sbt ++$TRAVIS_SCALA_VERSION clean compile
-  - sbt ++$TRAVIS_SCALA_VERSION coverage "testOnly * -- -l test_configuration.IntegrationTestTag" coverageReport
-  - sbt ++$TRAVIS_SCALA_VERSION dist
-deploy:
-  provider: releases
-  api_key: $GITHUB_TOKEN
-  skip_cleanup: true
-  file_glob: true
-  file: "target/universal/ot-platform-api-latest.zip"
-  on:
-    repo: opentargets/platform-api
-    tags: true
-    all_branches: true
-notifications:
-  email:
-    recipients:
-    - ops@opentargets.org
-    on_success: never
-    on_failure: always
-after_success:
-  - ./deploy_quay.sh
diff --git a/Dockerfile b/Dockerfile
index 84ec5b0e..18ebbb56 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,35 +1,44 @@
-FROM eclipse-temurin:21.0.4_7-jdk-alpine
+# ------------------------------------------------------------------------ BUILD
+FROM eclipse-temurin:21.0.4_7-jdk-jammy AS builder
 
-ARG USER_ID=10001
-ARG GROUP_ID=10001
-ARG USER_NAME=nginxuser
+WORKDIR /build
 
-RUN addgroup -g ${GROUP_ID} -S otapigroup && \
-    adduser -u ${USER_ID} -D -S -G otapigroup ${USER_NAME}
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends unzip && \
+    rm -rf /var/lib/apt/lists/*
 
-RUN mkdir -p /srv/app
+COPY target/universal/ot-platform-api-latest.zip .
 
-RUN apk add --no-cache bash alpine-sdk
+RUN unzip ot-platform-api-latest.zip && \
+    chmod +x ot-platform-api-latest/bin/ot-platform-api
 
-COPY target/universal/ot-platform-api-latest.zip /srv/app/ot-platform-api-latest.zip
-COPY production.xml /srv/app/production.xml
+# ---------------------------------------------------------------------- RUNTIME
+FROM eclipse-temurin:21.0.4_7-jre-jammy
 
-RUN chown -R ${USER_NAME}:otapigroup /srv/app
+ARG USER_ID=10001
+ARG GROUP_ID=10001
 
-USER ${USER_NAME}
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends curl && \
+    rm -rf /var/lib/apt/lists/* && \
+    groupadd -g ${GROUP_ID} otapi && \
+    useradd -u ${USER_ID} -g otapi -r -s /sbin/nologin otapi
 
 WORKDIR /srv/app
 
-RUN unzip ot-platform-api-latest.zip
+COPY --from=builder --chown=otapi:otapi /build/ot-platform-api-latest ./ot-platform-api-latest
+COPY --chown=otapi:otapi production.xml .
+
+USER otapi
+
+EXPOSE 8080
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
+    CMD curl -sf http://localhost:8080/health || exit 1
 
-RUN chmod +x ot-platform-api-latest/bin/ot-platform-api
+ENTRYPOINT ["ot-platform-api-latest/bin/ot-platform-api"]
 
-ENTRYPOINT ["bash", "-c", "ot-platform-api-latest/bin/ot-platform-api \
-    ${JAVA_OPTS} \
-    -J-server \
-    -Dlogger.file=/srv/app/production.xml \
-    -Dlogback.debug=true \
-    -Dcom.sun.management.jmxremote \
-    -Dcom.sun.management.jmxremote.port=31238 \
-    -Dcom.sun.management.jmxremote.ssl=false \
-    -Dcom.sun.management.jmxremote.authenticate=false"]
+CMD [ \
+    "-J-server", \
+    "-Dlogger.file=/srv/app/production.xml" \
+]
diff --git a/deploy_quay.sh b/deploy_quay.sh
deleted file mode 100755
index 63e055f4..00000000
--- a/deploy_quay.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-set -ev
-if [ "${TRAVIS_PULL_REQUEST}" = "true" ] || [ "${TRAVIS_TAG}" != "" ]; then
-  if [ "${TRAVIS_TAG}" != "" ]; then
-      docker_tag_label="${TRAVIS_TAG}"
-    else
-      docker_tag_label="${TRAVIS_BRANCH}"
-    fi
-  docker pull "${QUAY_REPO}:${docker_tag_label}" || true
-  docker build --pull --cache-from "${QUAY_REPO}:${docker_tag_label}" --tag "${QUAY_REPO}" . || docker build .
-  docker login -u="${QUAY_USER}" -p="${QUAY_PASSWORD}" quay.io
-  git_sha="${TRAVIS_COMMIT}"
-  docker tag "${QUAY_REPO}" "${QUAY_REPO}:${docker_tag_label}"
-  docker tag "${QUAY_REPO}" "${QUAY_REPO}:${TRAVIS_COMMIT}-${docker_tag_label}"
-  docker push "${QUAY_REPO}:${docker_tag_label}" && docker push "${QUAY_REPO}:${git_sha}-${docker_tag_label}"
-  if [ "${TRAVIS_BRANCH}" = "master" ]; then
-    docker tag "${QUAY_REPO}:${TRAVIS_BRANCH}" "${QUAY_REPO}:latest"
-    docker push "${QUAY_REPO}:latest"
-  fi
-fi