diff --git a/server/Dockerfile b/server/Dockerfile
index d04d298..7833bcc 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -20,23 +20,35 @@ RUN npm install --only=production && \
 npm cache clean --force
 
 # Copy application code
-COPY . .
+# Copy application code
+COPY --chown=nodejs:nodejs . .
 
-# Create logs directory
-RUN mkdir -p logs
+# Copy and set permissions for entrypoint script
+COPY docker-entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
 
-# Create uploads directory for logos
-RUN mkdir -p uploads/logos
+# Install su-exec for user switching
+RUN apk add --no-cache su-exec
+
+# Create logs and uploads directories
+RUN mkdir -p logs uploads/logos
 
 # Create non-root user
 RUN addgroup -g 1001 -S nodejs && \
 adduser -S nodejs -u 1001
 
-# Set ownership
+# Set ownership of all app files including uploads
 RUN chown -R nodejs:nodejs /app
 
-# Switch to non-root user
-USER nodejs
+# Ensure uploads directory has proper permissions
+RUN chmod -R 755 /app/uploads
+
+# Copy and set permissions for entrypoint script
+COPY docker-entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+# Stay as root for the entrypoint (it will switch to nodejs user)
+# USER nodejs (commented out - entrypoint will handle user switching)
 
 # Expose port
 EXPOSE 3001
@@ -45,8 +57,8 @@ EXPOSE 3001
 HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
 CMD curl -f http://localhost:3001/api/health || exit 1
 
-# Use dumb-init to handle signals properly
-ENTRYPOINT ["dumb-init", "--"]
+# Use custom entrypoint that handles permissions and user switching
+ENTRYPOINT ["docker-entrypoint.sh"]
 
 # Start the application
 CMD ["npm", "start"]
diff --git a/server/docker-entrypoint.sh b/server/docker-entrypoint.sh
new file mode 100644
index 0000000..20121c5
--- /dev/null
+++ b/server/docker-entrypoint.sh
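Review bot: `COPY --chown=nodejs:nodejs . .` sits above the `addgroup`/`adduser` step later in this hunk, so unless the base image (not visible here) already defines `nodejs`, the name cannot be resolved when the copy runs; use the numeric ids, `COPY --chown=1001:1001 . .`, or move the user creation above it. The `COPY docker-entrypoint.sh /usr/local/bin/` / `RUN chmod +x …` pair is added twice and `# Copy application code` is now duplicated; one copy is enough. `RUN chmod -R 755 /app/uploads`, repeated in server/docker-entrypoint.sh, also sets the execute bit on regular files; `chmod -R u=rwX,go=rX /app/uploads` keeps the directories traversable without marking uploaded files executable.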
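Review bot: This `ENTRYPOINT` is now the only place privileges are dropped, because the `USER nodejs` line is commented out earlier in the same file, which leaves root as the image's default user. Anything that does not go through the script — the `HEALTHCHECK` command shown as context here, `docker exec` sessions, or a run with the entrypoint overridden — executes as root, and platforms that require a non-root image user will reject the image. If the root start is kept for fixing volume ownership, state that in the comment above `ENTRYPOINT` and drop privileges in the probe too, e.g. `CMD su-exec nodejs curl -f http://localhost:3001/api/health || exit 1`.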
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# This script runs as root to set up permissions, then switches to nodejs user
+
+# Ensure uploads directory exists and has correct permissions
+mkdir -p /app/uploads/logos
+chown -R nodejs:nodejs /app/uploads
+chmod -R 755 /app/uploads
+
+# Switch to nodejs user and execute the command with dumb-init for signal handling
+exec su-exec nodejs dumb-init -- "$@"
\ No newline at end of file
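Review bot: Failures in the setup steps are ignored: there is no `set -e` after the shebang, so if `mkdir`, `chown` or `chmod` fails (read-only mount, or a container started with a non-root `--user`) the script still goes on to `su-exec`. Add `set -e`, and guard the root-only part so a non-root start still works, e.g. `[ "$(id -u)" -eq 0 ] || exec dumb-init -- "$@"` before the `mkdir`. The header comment should also say that the script relies on `su-exec` and `dumb-init` being installed in the image and on the `nodejs` user created in the Dockerfile.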