diff --git a/DysonNetwork.Sphere/Dockerfile b/DysonNetwork.Sphere/Dockerfile
index 3f28cbb..992f25e 100644
--- a/DysonNetwork.Sphere/Dockerfile
+++ b/DysonNetwork.Sphere/Dockerfile
@@ -1,31 +1,49 @@
+# -------- Base runtime image --------
 FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
-RUN apt-get update && apt-get install -y \
-    libfontconfig1 \
-    libfreetype6 \
-    libpng-dev \
-    libharfbuzz0b \
-    libgif7 \
-    libvips
-    
-USER $APP_UID
-WORKDIR /app
-EXPOSE 8080
-EXPOSE 8081
 
+# Install only necessary dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+  libfontconfig1 \
+  libfreetype6 \
+  libpng-dev \
+  libharfbuzz0b \
+  libgif7 \
+  libvips \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
+
+# Use non-root user if defined in Docker run
+USER ${APP_UID:-1000}
+
+WORKDIR /app
+EXPOSE 8080 8081
+
+# -------- Build stage --------
 FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
+
+# Copy everything and build
 COPY . .
-WORKDIR "/src/DysonNetwork.Sphere"
+WORKDIR /src/DysonNetwork.Sphere
 RUN dotnet restore
 RUN dotnet build -c $BUILD_CONFIGURATION -o /app/build
 
+# -------- Publish stage --------
 FROM build AS publish
 ARG BUILD_CONFIGURATION=Release
 RUN mkdir -p /app/publish/zh-Hans
-RUN dotnet publish -c $BUILD_CONFIGURATION -o /app/publish
 
+# Trim, ReadyToRun, single-file (optional), no self-contained to keep image small
+RUN dotnet publish -c $BUILD_CONFIGURATION -o /app/publish \
+  -p:PublishTrimmed=true \
+  -p:PublishReadyToRun=true \
+  -p:TieredPGO=true \
+  -p:SuppressTrimAnalysisWarnings=true
+
+# -------- Final image --------
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
+
 ENTRYPOINT ["dotnet", "DysonNetwork.Sphere.dll"]
diff --git a/DysonNetwork.Sphere/Program.cs b/DysonNetwork.Sphere/Program.cs
index d7d468a..9f9a0d9 100644
--- a/DysonNetwork.Sphere/Program.cs
+++ b/DysonNetwork.Sphere/Program.cs
@@ -39,7 +39,12 @@ using tusdotnet.Stores;
 var builder = WebApplication.CreateBuilder(args);
 
 builder.Host.UseContentRoot(Directory.GetCurrentDirectory());
-builder.WebHost.ConfigureKestrel(options => options.Limits.MaxRequestBodySize = long.MaxValue);
+builder.WebHost.ConfigureKestrel(options =>
+{
+    options.Limits.MaxRequestBodySize = long.MaxValue;
+    options.Limits.KeepAliveTimeout = TimeSpan.FromMinutes(2);
+    options.Limits.RequestHeadersTimeout = TimeSpan.FromSeconds(30);
+});
 
 // Add services to the container.
 
@@ -327,4 +332,4 @@ app.MapTus("/files/tus", _ => Task.FromResult<DefaultTusConfiguration>(new()
     }
 }));
 
-app.Run();
\ No newline at end of file
+app.Run();