diff --git a/.dockerignore.yaml b/.dockerignore.yaml
new file mode 100644
index 0000000..f63305b
--- /dev/null
+++ b/.dockerignore.yaml
@@ -0,0 +1,18 @@
+# Ignore build artifacts
+target/
+pkg/
+
+# Ignore git directory
+.git/
+
+.gitea/
+
+# Ignore environment files (configure via docker-compose instead)
+.env*
+
+# Ignore IDE/editor specific files
+.idea/
+.vscode/
+
+# Ignore OS specific files
+*.DS_Store
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..32077e1
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,66 @@
+# Stage 1: Build the application
+# Use a specific Rust version for reproducibility. Choose one that matches your development environment.
+# Using slim variant for smaller base image
+FROM rust:1.88 as builder
+
+# Set the working directory inside the container
+WORKDIR /usr/src/app
+
+# Install build dependencies if needed (e.g., git for cloning)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    pkg-config libssl3 \
+    ca-certificates \
+    openssh-client git \
+    && rm -rf /var/lib/apt/lists/*
+
+# << --- ADD HOST KEY HERE --- >>
+# Replace 'yourgithost.com' with the actual hostname (e.g., github.com)
+RUN mkdir -p -m 0700 ~/.ssh && \
+    ssh-keyscan git.kundeng.us >> ~/.ssh/known_hosts
+
+# Copy Cargo manifests
+COPY Cargo.toml Cargo.lock ./
+
+# Build *only* dependencies to leverage Docker cache
+# This dummy build caches dependencies as a separate layer
+RUN --mount=type=ssh mkdir src && \
+    echo "fn main() {println!(\"if you see this, the build broke\")}" > src/main.rs && \
+    cargo build --release --quiet && \
+    rm -rf src target/release/deps/songparser* # Clean up dummy build artifacts (replace songparser)
+
+# Copy the actual source code
+COPY src ./src
+# If you have other directories like `templates` or `static`, copy them too
+COPY .env ./.env
+
+# << --- SSH MOUNT ADDED HERE --- >>
+# Build *only* dependencies to leverage Docker cache
+# This dummy build caches dependencies as a separate layer
+# Mount the SSH agent socket for this command
+RUN --mount=type=ssh \
+    cargo build --release --quiet
+
+# Stage 2: Create the final, smaller runtime image
+# Use a minimal base image like debian-slim or even distroless for security/size
+FROM ubuntu:24.04
+
+# Install runtime dependencies if needed (e.g., SSL certificates)
+RUN apt-get update && apt-get install -y ca-certificates libssl-dev libssl3 && rm -rf /var/lib/apt/lists/*
+
+# Set the working directory
+WORKDIR /usr/local/bin
+
+# Copy the compiled binary from the builder stage
+# Replace 'songparser' with the actual name of your binary (usually the crate name)
+COPY --from=builder /usr/src/app/target/release/songparser .
+
+# Copy other necessary files like .env (if used for runtime config) or static assets
+# It's generally better to configure via environment variables in Docker though
+COPY --from=builder /usr/src/app/.env .
+
+# Expose the port your Axum app listens on (e.g., 3000 or 8000)
+EXPOSE 3002
+
+# Set the command to run your application
+# Ensure this matches the binary name copied above
+CMD ["./songparser"]
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..7651a5d
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,15 @@
+version: '3.8' # Use a recent version
+
+services:
+  # Your Rust Application Service
+  auth_api:
+    build: # Tells docker-compose to build the Dockerfile in the current directory
+      context: .
+      ssh: ["default"]  # Uses host's SSH agent
+    container_name: songparser # Optional: Give the container a specific name
+    ports:
+      # Map host port 8000 to container port 3000 (adjust as needed)
+      - "8002:3002"
+    env_file:
+      - .env
+    restart: unless-stopped # Optional: Restart policy