diff --git a/.dockerignore b/.dockerignore index 038136d8..cddf8c64 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,6 +3,10 @@ junitxml .mypy_cache .pytest_cache .vscode +.git +.github +.DS_Store +dist backend/*.sqlite3* backend/junitxml @@ -12,6 +16,7 @@ backend/stored_uploads backend/staticfiles backend/venv backend/**/__pycache__/ +backend/.mypy_cache frontend/.nuxt/ frontend/coverage/ diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7592dea9..98727319 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,3 +55,14 @@ jobs: run: yarn install - name: Lint run: yarn lint + + docker-lint: + runs-on: ubuntu-latest + container: hadolint/hadolint:latest-debian + defaults: + run: + working-directory: ./docker + steps: + - uses: actions/checkout@v2 + - name: hadolint + run: hadolint ./Dockerfile* diff --git a/docker/Dockerfile b/docker/Dockerfile index 7c9994b8..7d09665f 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,20 +1,22 @@ ARG PYTHON_VERSION="3.8.12-slim-buster" -ARG NODE_VERSION="16.5-alpine3.14" +ARG NODE_VERSION="16.14-buster-slim" FROM node:${NODE_VERSION} AS frontend-builder COPY frontend/ /frontend/ WORKDIR /frontend ENV PUBLIC_PATH="/static/_nuxt/" - -# hadolint ignore=DL3018 -RUN apk add -U --no-cache git python3 make g++ \ +# hadolint ignore=DL3008 +RUN apt-get update \ + && apt-get install -y --no-install-recommends git python3 make g++ ca-certificates \ && git config --global url."https://github.com/".insteadOf git://github.com/ \ && yarn install \ && yarn build \ - && apk del --no-cache git make g++ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* FROM python:${PYTHON_VERSION} AS backend-builder +# hadolint ignore=DL3008 RUN apt-get update \ && apt-get install -y --no-install-recommends \ netcat=1.* \ 
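Review bot: Both external references in the new `docker-lint` job are mutable: `container: hadolint/hadolint:latest-debian` and `uses: actions/checkout@v2` resolve to whatever those tags point at when the job runs, so a lint run is not reproducible and a retagged image or action would execute in CI unreviewed. Pin the image to a release tag plus digest, e.g. `container: hadolint/hadolint:<version>-debian@sha256:<digest>`, and the action to a full commit SHA, `uses: actions/checkout@<commit-sha> # v2`. The job only reads the repository, so a job-level `permissions:` block with `contents: read` would also keep its token minimal.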
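Review bot: `yarn install` in the rewritten frontend-builder `RUN` is not bound to the lockfile, so if `package.json` and `yarn.lock` have drifted the image is built from dependency versions nobody reviewed. Assuming the image ships Yarn 1.x and `frontend/` carries a `yarn.lock`, use `&& yarn install --frozen-lockfile \`, which fails the build instead of re-resolving. The same line appears in the `docker/Dockerfile.nginx` hunk. Minor: the new `# hadolint ignore=DL3008` on this stage is reasonable because only `/frontend/dist` is copied out of it, but a why-comment such as `# build-only stage, these packages never reach the runtime image` would record that.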
@@ -23,46 +25,44 @@ RUN apt-get update \ g++=4:* \ libssl-dev=1.* \ curl \ - && apt-get clean + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* WORKDIR /tmp COPY backend/pyproject.toml backend/poetry.lock /tmp/ +SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# hadolint ignore=DL3013 -RUN pip install --upgrade pip \ +RUN pip install --no-cache-dir pip==22.0.4 \ && curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python - \ && PATH="${PATH}:$HOME/.poetry/bin" \ && poetry export --without-hashes -o /requirements.txt \ && echo "psycopg2-binary==2.8.6" >> /requirements.txt \ && echo "django-heroku==0.3.1" >> /requirements.txt \ - && pip install --no-cache-dir -r /requirements.txt \ - && pip wheel --no-cache-dir -r /requirements.txt -w /deps + && pip install --no-cache-dir -r /requirements.txt FROM python:${PYTHON_VERSION} AS runtime RUN apt-get update \ && apt-get install -y --no-install-recommends \ - libpq-dev \ + libpq-dev=11.* \ unixodbc-dev=2.* \ libssl-dev=1.* \ - && apt-get clean + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* RUN useradd -ms /bin/sh doccano - RUN mkdir /data \ && chown doccano:doccano /data -COPY --from=backend-builder /deps /deps -# hadolint ignore=DL3013 -RUN pip install --no-cache-dir -U pip \ - && pip install --no-cache-dir /deps/*.whl \ - && rm -rf /deps +COPY --from=backend-builder /usr/local/lib/python3.8/site-packages /usr/local/lib/python3.8/site-packages +COPY --from=backend-builder /usr/local/bin/celery /usr/local/bin/celery +COPY --from=backend-builder /usr/local/bin/gunicorn /usr/local/bin/gunicorn COPY --chown=doccano:doccano . /doccano WORKDIR /doccano/backend COPY --from=frontend-builder /frontend/dist /doccano/backend/client/dist -RUN python manage.py collectstatic --noinput -RUN chown -R doccano:doccano . +RUN python manage.py collectstatic --noinput \ + && chown -R doccano:doccano . VOLUME /data ENV DATABASE_URL="sqlite:////data/doccano.db" 
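Review bot: The backend-builder `RUN` still executes `get-poetry.py` straight from the `master` branch (`curl -sSL …/master/get-poetry.py | python -`), so pinning `pip==22.0.4` and adding `pipefail` leave the build's real unpinned input untouched: whatever is on that branch at build time runs in the stage whose `site-packages` is now copied wholesale into the runtime image. Download the installer from a fixed release tag to a file, verify its SHA-256 before running it, and pass an explicit Poetry version; `docker/Dockerfile.prod` carries the same line. Separately, the new `COPY --from=backend-builder /usr/local/lib/python3.8/site-packages …` lines hard-code `python3.8` while the base image is chosen by `ARG PYTHON_VERSION`, so a version bump breaks the copy; a comment like `# path must match the minor version in PYTHON_VERSION` above them would flag the coupling. Only the `celery` and `gunicorn` entry points are copied, so confirm nothing else from `/usr/local/bin` is invoked at runtime.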
@@ -74,7 +74,6 @@ ENV PORT="8000" ENV WORKERS="2" ENV CELERY_WORKERS="2" ENV GOOGLE_TRACKING_ID="" -ENV AZURE_APPINSIGHTS_IKEY="" ENV DJANGO_SETTINGS_MODULE="config.settings.production" USER doccano diff --git a/docker/Dockerfile.nginx b/docker/Dockerfile.nginx index 6b155e80..9f78979c 100644 --- a/docker/Dockerfile.nginx +++ b/docker/Dockerfile.nginx @@ -3,9 +3,9 @@ FROM node:${NODE_VERSION} AS frontend-builder COPY frontend/ /app/ WORKDIR /app - +# hadolint ignore=DL3008 RUN apt-get update \ - && apt-get install -y git python3 make g++ \ + && apt-get install -y --no-install-recommends git python3 make g++ ca-certificates \ && git config --global url."https://github.com/".insteadOf git://github.com/ \ && yarn install \ && yarn build \ diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index 17bea6f5..8ce8d9f7 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod @@ -12,8 +12,9 @@ RUN groupadd -g 61000 doccano \ && useradd -g 61000 -l -M -s /bin/false -u 61000 doccano COPY --chown=doccano:doccano backend/pyproject.toml backend/poetry.lock /backend/ +SHELL ["/bin/bash", "-o", "pipefail", "-c"] -# hadolint ignore=DL3013 +# hadolint ignore=DL3013,DL3008 RUN apt-get update \ && apt-get install -y --no-install-recommends \ netcat=1.* \ @@ -21,7 +22,7 @@ RUN apt-get update \ unixodbc-dev=2.* \ g++=4:* \ curl \ - && pip install --upgrade pip \ + && pip install --upgrade --no-cache-dir pip \ && curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python - \ && PATH="${PATH}:$HOME/.poetry/bin" \ && poetry config virtualenvs.create false \
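Review bot: In the second `docker/Dockerfile.prod` hunk, `pip install --upgrade --no-cache-dir pip` still takes whatever pip release is current at build time, while this same commit pins `pip==22.0.4` in `docker/Dockerfile`, so the two images will drift apart. Use `&& pip install --no-cache-dir pip==22.0.4 \` here as well; if no other unpinned `pip install` follows, `DL3013` can then be dropped from the `# hadolint ignore=DL3013,DL3008` comment in the previous hunk. The `RUN` statement starts before and continues past this hunk, so its remaining steps were not reviewed.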