diff --git a/.dockerignore b/.dockerignore
index 14472c8..a99fe65 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,34 @@
+# Version control
 .git
 .gitea
+
+# AI / IDE tooling
+.claude
+
+# Dev tooling
+.gitignore
+/.phpunit.cache
+phpunit.xml.dist
+tests/
+
+# Documentation
+CHANGELOG.md
+CLAUDE.md
+README.md
+
+# Compose / deployment descriptors (not app code)
+docker-compose.yml
+docker-compose.override.yml
+docker-compose.prod.yml
+
+# Dependencies — re-installed from lockfile in the build stage;
+# a local vendor/ in the build context would silently override the clean install
+vendor/
+
+# Runtime dirs (generated at build or run time, not from source)
 var/
+
+# Env files — config is injected at runtime via Docker environment variables
+.env
 .env.local
 .env.*.local
-docker-compose.override.yml
diff --git a/Dockerfile b/Dockerfile
index 267b8e0..7764216 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,7 +21,9 @@ RUN composer install \
 # ── build stage (generate optimised classmap with source present) ──────────────
 FROM deps AS build
 COPY . .
-RUN composer dump-autoload --optimize --no-dev --no-interaction
+RUN composer dump-autoload --optimize --no-dev --no-interaction && \
+    mkdir -p var/cache var/log && \
+    APP_ENV=prod APP_SECRET=placeholder php bin/console cache:warmup --no-debug
 
 # ── dev stage (all deps + Xdebug, source is mounted at runtime) ───────────────
 FROM base AS dev
@@ -44,11 +46,11 @@ FROM base AS final
 RUN addgroup -S app && adduser -S -G app app
 
 COPY --from=build /app/vendor /app/vendor
+COPY --from=build /app/var/cache/prod /app/var/cache/prod
 COPY . .
 COPY docker/frankenphp/Caddyfile /etc/caddy/Caddyfile
 
-RUN mkdir -p var/cache var/log \
-    && chown -R app:app /app
+RUN mkdir -p var/cache/prod/pools var/log && chown -R app:app /app
 
 USER app
 
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
new file mode 100644
index 0000000..cccefcb
--- /dev/null
+++ b/docker-compose.prod.yml
@@ -0,0 +1,32 @@
+services:
+  graph:
+    image: git.arthurerlich.de/haylan/git-contribution-graph:latest
+    container_name: git-contribution-graph
+    restart: unless-stopped
+    ports:
+      - "8080:8080"
+    environment:
+      APP_ENV: prod
+      APP_DEBUG: "0"
+      APP_SECRET: "${APP_SECRET}"
+      ALLOWED_HOSTS: "${ALLOWED_HOSTS:-}"
+      GITHUB_USER: "${GITHUB_USER:-}"
+      GITHUB_TOKEN: "${GITHUB_TOKEN:-}"
+      GITLAB_USER: "${GITLAB_USER:-}"
+      GITLAB_TOKEN: "${GITLAB_TOKEN:-}"
+      GITLAB_URL: "${GITLAB_URL:-}"
+      GITEA_USER: "${GITEA_USER:-}"
+      GITEA_TOKEN: "${GITEA_TOKEN:-}"
+      GITEA_URL: "${GITEA_URL:-}"
+    volumes:
+      - cache:/app/var/cache/prod/pools
+      - logs:/app/var/log
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+
+volumes:
+  cache:
+  logs:
diff --git a/docker-compose.yml b/docker-compose.yml
index 30be36c..bda6f6f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,7 +21,7 @@ services:
       GITEA_TOKEN: "${GITEA_TOKEN:-}"
       GITEA_URL: "${GITEA_URL:-}"
     volumes:
-      - cache:/app/var/cache
+      - cache:/app/var/cache/prod/pools
       - logs:/app/var/log
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8080/health"]