diff --git a/backend/Dockerfile b/backend/Dockerfile
index a2c3bf7..a25cfab 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,45 +1,35 @@
-# ── Stage 1: Build ───────────────────────────────────────────────────────
-FROM bytelyst-common-base-backend:latest AS builder
-
+FROM node:22-alpine AS builder
 WORKDIR /app/backend
 
-# Copy backend package files
+ARG GITEA_NPM_HOST
+ENV NODE_TLS_REJECT_UNAUTHORIZED=0
+ENV NPM_CONFIG_STRICT_SSL=false
+ENV GITEA_NPM_HOST=$GITEA_NPM_HOST
+
+RUN npm config set strict-ssl false \
+  && npm install -g pnpm@10.6.5
+
+COPY .npmrc.docker ./.npmrc
+COPY .docker-deps/ /app/.docker-deps/
 COPY backend/package.json ./package.json
+RUN --mount=type=secret,id=gitea_npm_token \
+  export GITEA_NPM_TOKEN="$(cat /run/secrets/gitea_npm_token 2>/dev/null || echo '')" && \
+  pnpm install --ignore-scripts --lockfile=false
+
 COPY backend/tsconfig.json ./tsconfig.json
-
-# Install backend-specific dependencies (including devDependencies for building)
-RUN pnpm install --ignore-scripts
-
-# Copy source code
 COPY backend/src/ ./src/
 COPY shared/ ../shared/
-
-# Build backend
 RUN pnpm run build
 
-# ── Stage 2: Production ───────────────────────────────────────────────────
-FROM bytelyst-common-base-backend:latest
-
+FROM node:22-alpine
 WORKDIR /app/backend
-
-# Copy backend package files
-COPY backend/package.json ./package.json
-
-# Install backend-specific dependencies
-RUN pnpm install --prod --ignore-scripts
-
-# Copy built artifacts from builder
-COPY --from=builder /app/backend/dist ./dist
-COPY --from=builder /app/backend/node_modules ./node_modules
-COPY shared/ ../shared/
-
-# Environment
 ENV NODE_ENV=production
 ENV NODE_TLS_REJECT_UNAUTHORIZED=0
 
-# Health check
-HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
-  CMD node -e "require('http').get('http://localhost:4011/health', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)})"
+COPY --from=builder /app/backend/node_modules ./node_modules
+COPY --from=builder /app/backend/package.json ./package.json
+COPY --from=builder /app/backend/dist ./dist
+COPY shared/ ../shared/
 
 EXPOSE 4011
 CMD ["node", "dist/server.js"]
diff --git a/web/Dockerfile b/web/Dockerfile
index 55ea90a..79cac3b 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -1,56 +1,43 @@
-# ── Stage 1: Build ───────────────────────────────────────────────────────
-FROM bytelyst-common-base-web:latest AS builder
-
+FROM node:22-alpine AS builder
 WORKDIR /app/web
 
-# Copy web package files
+ARG GITEA_NPM_HOST
+ENV NODE_TLS_REJECT_UNAUTHORIZED=0
+ENV NPM_CONFIG_STRICT_SSL=false
+ENV GITEA_NPM_HOST=$GITEA_NPM_HOST
+
+RUN npm config set strict-ssl false \
+  && npm install -g pnpm@10.6.5
+
+COPY .npmrc.docker ./.npmrc
+COPY .docker-deps/ /app/.docker-deps/
 COPY web/package.json ./package.json
+RUN --mount=type=secret,id=gitea_npm_token \
+  export GITEA_NPM_TOKEN="$(cat /run/secrets/gitea_npm_token 2>/dev/null || echo '')" && \
+  pnpm install --ignore-scripts --lockfile=false
+
 COPY web/next.config.ts ./next.config.ts
 COPY web/tsconfig.json ./tsconfig.json
 COPY web/next-env.d.ts ./next-env.d.ts
-
-# Install web-specific dependencies (including devDependencies for building)
-RUN pnpm install --ignore-scripts
-
-# Copy source code
 COPY web/src/ ./src/
 COPY shared/ ../shared/
 
-# Build arguments
 ARG NEXT_PUBLIC_BACKEND_URL
 ARG NEXT_PUBLIC_PLATFORM_SERVICE_URL
 ENV NEXT_PUBLIC_BACKEND_URL=$NEXT_PUBLIC_BACKEND_URL
 ENV NEXT_PUBLIC_PLATFORM_SERVICE_URL=$NEXT_PUBLIC_PLATFORM_SERVICE_URL
 ENV NEXT_TELEMETRY_DISABLED=1
-
-# Build web
 RUN pnpm run build
 
-# ── Stage 2: Production ───────────────────────────────────────────────────
-FROM bytelyst-common-base-web:latest
-
+FROM node:22-alpine
 WORKDIR /app/web
-
-# Copy web package files
-COPY web/package.json ./package.json
-
-# Install web-specific dependencies (production only)
-RUN pnpm install --prod --ignore-scripts
-
-# Copy built artifacts from builder
-COPY --from=builder /app/web/.next/standalone ./
-COPY --from=builder /app/web/.next/static ./.next/static
-
-# Environment
 ENV NODE_ENV=production
 ENV NEXT_TELEMETRY_DISABLED=1
 ENV NODE_TLS_REJECT_UNAUTHORIZED=0
-ENV PORT=3030
-ENV HOSTNAME="0.0.0.0"
 
-# Health check
-HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
-  CMD node -e "require('http').get('http://localhost:3030', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)})"
+COPY --from=builder /app/web/.next/standalone ./
+COPY --from=builder /app/web/.next/static ./.next/static
 
 EXPOSE 3030
+ENV PORT=3030
 CMD ["node", "server.js"]