diff --git a/Dockerfile b/Dockerfile
index 8a99e5f0..07f6e6dd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,46 +1,60 @@
+FROM python:3.11-slim AS builder
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gcc \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN python -m venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
+
+COPY requirements.txt .
+
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir -r requirements.txt
+
 FROM python:3.11-slim
 
 ARG VERSION="v2.2.4"
 ARG BUILD_DATE
 ARG VCS_REF
 
-WORKDIR /app
-
-RUN apt-get update && apt-get install -y \
-    gcc \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     wget \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/* \
+    && apt-get clean
 
-COPY requirements.txt .
-RUN pip install --no-cache-dir -r requirements.txt
+COPY --from=builder /opt/venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"
 
 RUN groupadd -g 1000 app && \
     useradd -u 1000 -g 1000 -m -s /bin/bash app
 
-COPY . .
+WORKDIR /app
+
+COPY --chown=app:app . .
 
 RUN mkdir -p logs data && \
-    chown -R app:app /app && \
-    chown -R 1000:1000 ./logs ./data
+    chown -R app:app /app logs data
 
 USER app
 
-ENV PYTHONPATH=/app
-ENV PYTHONUNBUFFERED=1
-ENV VERSION=${VERSION}
-ENV BUILD_DATE=${BUILD_DATE}
-ENV VCS_REF=${VCS_REF}
+ENV PYTHONPATH=/app \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    VERSION=${VERSION} \
+    BUILD_DATE=${BUILD_DATE} \
+    VCS_REF=${VCS_REF}
 
 EXPOSE 8081 8082
 
-LABEL org.opencontainers.image.title="Bedolaga RemnaWave Bot"
-LABEL org.opencontainers.image.description="Telegram bot for RemnaWave VPN service"
-LABEL org.opencontainers.image.version="${VERSION}"
-LABEL org.opencontainers.image.created="${BUILD_DATE}"
-LABEL org.opencontainers.image.revision="${VCS_REF}"
-LABEL org.opencontainers.image.source="https://github.com/fr1ngg/remnawave-bedolaga-telegram-bot"
-LABEL org.opencontainers.image.url="https://github.com/fr1ngg/remnawave-bedolaga-telegram-bot"
-LABEL org.opencontainers.image.vendor="fr1ngg"
+LABEL org.opencontainers.image.title="Bedolaga RemnaWave Bot" \
+      org.opencontainers.image.description="Telegram bot for RemnaWave VPN service" \
+      org.opencontainers.image.version="${VERSION}" \
+      org.opencontainers.image.created="${BUILD_DATE}" \
+      org.opencontainers.image.revision="${VCS_REF}" \
+      org.opencontainers.image.source="https://github.com/fr1ngg/remnawave-bedolaga-telegram-bot" \
+      org.opencontainers.image.url="https://github.com/fr1ngg/remnawave-bedolaga-telegram-bot" \
+      org.opencontainers.image.vendor="fr1ngg"
 
 HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
     CMD wget --no-verbose --tries=1 --spider http://localhost:8081/health || exit 1