diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile
index 92cd6298..a5fce1b6 100644
--- a/docker/alpine/Dockerfile
+++ b/docker/alpine/Dockerfile
@@ -1,21 +1,17 @@
-#
-# Dockerfile for shadowsocks-libev
-#
+FROM alpine:3.16
+LABEL maintainer="kev , Sah , vndroid "
-FROM alpine
-LABEL maintainer="kev , Sah "
-
-ENV SERVER_ADDR 0.0.0.0
-ENV SERVER_PORT 8388
+ENV SERVER_ADDR=0.0.0.0
+ENV SERVER_PORT=8388
 ENV PASSWORD=
-ENV METHOD aes-256-gcm
-ENV TIMEOUT 300
-ENV DNS_ADDRS 8.8.8.8,8.8.4.4
-ENV TZ UTC
+ENV METHOD=aes-256-gcm
+ENV TIMEOUT=300
+ENV DNS_ADDRS="8.8.8.8,8.8.4.4"
+ENV TZ=UTC
 ENV ARGS=
 COPY . /tmp/repo
-RUN set -ex \
+RUN set -x \
 # Build environment setup
 && apk add --no-cache --virtual .build-deps \
 autoconf \
@@ -33,8 +29,10 @@ RUN set -ex \
 && cd /tmp/repo \
 && ./autogen.sh \
 && ./configure --prefix=/usr --disable-documentation \
+ && make -j$(getconf _NPROCESSORS_ONLN) \
 && make install \
 && ls /usr/bin/ss-* | xargs -n1 setcap cap_net_bind_service+ep \
+ && strip $(ls /usr/local/bin | grep -Ev 'ss-nat') \
 && apk del .build-deps \
 # Runtime dependencies setup
 && apk add --no-cache \
@@ -46,8 +44,11 @@ RUN set -ex \
 | sort -u) \
 && rm -rf /tmp/repo
-USER nobody
+COPY ./docker/alpine/entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+EXPOSE 8388
-COPY ./docker/alpine/entrypoint.sh /entrypoint.sh
+STOPSIGNAL SIGINT
-CMD /entrypoint.sh
+CMD ["ss-server"]
diff --git a/docker/alpine/entrypoint.sh b/docker/alpine/entrypoint.sh
index 84b7104e..3f62a2cd 100755
--- a/docker/alpine/entrypoint.sh
+++ b/docker/alpine/entrypoint.sh
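Review bot: `FROM alpine:3.16` fixes the release line, but the tag is still mutable, so two builds of this commit can start from different base layers; pinning the digest as well, `FROM alpine:3.16@sha256:<digest-of-the-reviewed-image>`, makes the base verifiable. The switch from `set -ex` to `set -x` is harmless only while every command in the RUN stays joined with `&&`, and a comment such as `# no -e: error propagation relies on the && chain below` would record that. The RUN instruction continues outside this hunk.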
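Review bot: The added `strip` line lists `/usr/local/bin`, but `./configure --prefix=/usr` installs into `/usr/bin`, which is also where the `setcap` line looks, so the ss-* binaries are not the files being stripped. `ls /usr/local/bin` also prints bare names, which `strip` would resolve against `/tmp/repo`, and with an empty directory `strip` gets no arguments and the step may fail. I would use `&& strip $(ls /usr/bin/ss-* | grep -v 'ss-nat') \` and place it above the `setcap` line, because `strip` rewrites the file and that normally discards the `cap_net_bind_service` file capability. The RUN instruction starts and ends outside this hunk.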
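Review bot: Removing `USER nobody` makes the container start as root, and the only privilege drop left is the `-a nobody` option that entrypoint.sh adds when the first argument is `ss-server`; any other command given to the image runs as root through `exec $@`. The `setcap cap_net_bind_service+ep` step in this RUN already lets the binaries bind low ports without root, so I would keep `USER nobody` after the new `COPY` line and then presumably drop `-a nobody` from the script. `EXPOSE 8388` documents TCP only while the server is started with `-u`, so `EXPOSE 8388/tcp 8388/udp` would match what it listens on. The RUN instruction begins outside this hunk.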
@@ -1,22 +1,31 @@
 #!/bin/sh
+# vim:sw=4:ts=4:et
-if [[ -f "$PASSWORD_FILE" ]]; then
- PASSWORD=$(cat "$PASSWORD_FILE")
-fi
+set -e
-if [[ -f "/var/run/secrets/$PASSWORD_SECRET" ]]; then
- PASSWORD=$(cat "/var/run/secrets/$PASSWORD_SECRET")
-fi
+if [ "$1" = "ss-server" ]; then
+ COREVER=$(uname -r | grep -Eo '[0-9].[0-9]+' | sed -n '1,1p')
+ CMV=$(echo $COREVER | awk -F '.' '{print $1}')
+ CSV=$(echo $COREVER | awk -F '.' '{print $2}')
+
+ if [[ -f "$PASSWORD_FILE" ]]; then
+ PASSWORD=$(cat "$PASSWORD_FILE")
+ fi
+
+ if [[ -f "/var/run/secrets/$PASSWORD_SECRET" ]]; then
+ PASSWORD=$(cat "/var/run/secrets/$PASSWORD_SECRET")
+ fi
+
+ if [[ ! -z "$DNS_ADDRS" ]]; then
+ DNS="-d $DNS_ADDRS"
+ fi
-if [[ ! -z "$DNS_ADDRS" ]]; then
- ARGS="-d $DNS_ADDRS $ARGS"
+ if [ $(echo "$CMV >= 3" | bc) ]; then
+ if [ $(echo "$CSV > 7" | bc) ]; then
+ TFO='--fast-open'
+ fi
+ fi
+ RT_ARGS="-s $SERVER_ADDR -p $SERVER_PORT -k ${PASSWORD:-$(hostname)} -m $METHOD -a nobody -t $TIMEOUT -u $DNS $TFO $ARGS"
 fi
-exec ss-server \
- -s $SERVER_ADDR \
- -p $SERVER_PORT \
- -k ${PASSWORD:-$(hostname)} \
- -m $METHOD \
- -t $TIMEOUT \
- -u \
- $ARGS
+exec $@ $RT_ARGS
\ No newline at end of file
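Review bot: The fast-open check is always true when `bc` is present, because `[ $(echo "$CMV >= 3" | bc) ]` only tests whether bc's output (`0` or `1`) is a non-empty string; if the nested `$CSV > 7` test worked as written, it would switch the option off on kernels such as 4.4 or 5.4. The script also flattens every option into the `RT_ARGS` string and ends with unquoted `exec $@ $RT_ARGS`, so a password or other value containing spaces or glob characters is split or expanded before ss-server sees it. I would compare the version numbers with integer tests and append the options to the positional parameters, as sketched below; the threshold keeps what appears to be the author's intent of 3.8 or newer. Independently of this, the password is still passed with `-k` on the command line, where it is readable from the process list.

```shell
    # … unchanged: COREVER/CMV/CSV parsing, PASSWORD_FILE / PASSWORD_SECRET lookup, DNS …

    # Integer tests instead of bc: true for 4.x and later, or 3.x with minor > 7.
    if [ "$CMV" -gt 3 ] || { [ "$CMV" -eq 3 ] && [ "$CSV" -gt 7 ]; }; then
        TFO='--fast-open'
    fi

    # Append to the positional parameters so each value stays one argument.
    # $DNS, $TFO and $ARGS are left unquoted on purpose: they hold zero or more words.
    set -- "$@" -s "$SERVER_ADDR" -p "$SERVER_PORT" -k "${PASSWORD:-$(hostname)}" \
        -m "$METHOD" -a nobody -t "$TIMEOUT" -u $DNS $TFO $ARGS
fi

exec "$@"
```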