diff --git a/server/.containerignore b/server/.containerignore
new file mode 100644
index 0000000..0351ffd
--- /dev/null
+++ b/server/.containerignore
@@ -0,0 +1,5 @@
+*
+!src/
+!examples/
+!Cargo.toml
+!Cargo.lock
diff --git a/server/Containerfile b/server/Containerfile
new file mode 100644
index 0000000..451a0d0
--- /dev/null
+++ b/server/Containerfile
@@ -0,0 +1,29 @@
+FROM registry.fedoraproject.org/fedora:38 AS build
+
+RUN --mount=type=cache,target=/var/cache \
+	dnf install -y \
+		--setopt install_weak_deps=0 \
+		cargo \
+		libvirt-devel \
+		rust \
+	&& :
+
+COPY . /build
+
+RUN cd /build && cargo build --release --bins && strip -s target/release/sshca
+
+FROM registry.fedoraproject.org/fedora-minimal:38
+
+RUN --mount=type=cache,target=/var/cache \
+	microdnf install -y \
+		--setopt install_weak_deps=0 \
+		tini \
+		libvirt-libs \
+		openssh-clients \
+	&& :
+
+COPY --from=build /build/target/release/sshca /usr/local/bin/sshca
+
+USER 298:298
+
+ENTRYPOINT ["tini", "/usr/local/bin/sshca", "--"]