diff --git a/.drone.yml b/.drone.yml index f7741b6..6352778 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,9 +1,9 @@ kind: pipeline type: docker -name: Build and Deploy +name: Build and Deplo steps: - - name: build + - name: Build site with Hugo image: klakegg/hugo:ext-alpine-ci environment: HUGO_SECURITY_HTTP_URLS: none @@ -12,21 +12,20 @@ steps: - git submodule update --init --single-branch --depth=1 - hugo - - name: deploy - image: alpine:latest - environment: - SSH_KEY: - from_secret: ssh_key - commands: - - apk add --no-cache openssh-client rsync - - mkdir ~/.ssh - - echo "$${SSH_KEY}" > ~/.ssh/id_ed25519 - - chmod 600 ~/.ssh/id_ed25519 - - ssh-keyscan -H cpx.servers.sapti.me > ~/.ssh/known_hosts - - rsync -acvx --delete ./public cicd@cpx.servers.sapti.me:/opt/docker/samsapti.dev/ + - name: Build and push Docker image + image: plugins/docker + settings: + repo: samsapti/website + username: + from_secret: DOCKER_USERNAME + password: + from_secret: DOCKER_PASSWORD + tags: + - "${DRONE_BUILD_NUMBER}" + - latest when: branch: - main event: exclude: - - pull_request + - pull_request diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..fe6e909 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,4 @@ +FROM nginx:alpine-slim + +COPY nginx.conf /etc/nginx/conf.d/web.conf +COPY public/ /usr/share/nginx/html/ diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..466b846 --- /dev/null +++ b/nginx.conf 
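Review bot: The new pipeline name `Build and Deplo` in the first `.drone.yml` hunk has lost its final letter, which looks like an accidental deletion rather than an intended rename. Either restore `name: Build and Deploy` or, since the rsync deploy step is removed further down, choose a name that reflects image publishing. Anything that refers to the pipeline by name (a required status check, for example) would need the same change; none is visible in this diff. The build step's command list continues outside this hunk.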
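Review bot: `image: plugins/docker` in the second `.drone.yml` hunk has no tag, so the step that receives `DOCKER_USERNAME` and `DOCKER_PASSWORD` runs whatever `latest` resolves to at build time. Pin it, e.g. `image: plugins/docker:<pinned-version>`, or by digest. The same floating-reference concern applies to `FROM nginx:alpine-slim` in the new Dockerfile. The `when` block still excludes `pull_request` events, which keeps the registry credentials out of PR builds, but indentation is lost in this rendering, so confirm it is attached to the push step. The password secret should presumably be a scoped registry access token rather than the account password; the diff cannot show which it is.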
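Review bot: The Dockerfile copies `nginx.conf` to `/etc/nginx/conf.d/web.conf` but defines no `server` block anywhere in this commit. The listen port, document root and error handling therefore presumably come from the base image's stock configuration, which can change whenever the base tag moves. A comment above the first `COPY` would record that dependency, e.g. `# web.conf holds http-level directives only; the server block is the one shipped in the base image`. Shipping an explicit server block in the repository would remove the dependency.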
@@ -0,0 +1,9 @@
+access_log off;
+
+add_header Connection "Keep-Alive" always;
+add_header Content-Security-Policy "default-src 'none'; child-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src 'self'; manifest-src 'self'" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=(),interest-cohort=()" always;
+add_header Referrer-Policy "no-referrer" always;
+add_header Cache-Control "max-age=3600" always;
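Review bot: The `always` flag on `add_header Cache-Control "max-age=3600" always;` puts the header on error responses too, so a 404 or 5xx can be cached for an hour; `add_header Cache-Control "max-age=3600";` limits it to successful and redirect responses. `add_header Connection "Keep-Alive" always;` sets a hop-by-hop header that nginx already manages per connection, so it is likely redundant and can be dropped. These directives apply only while no `server` or `location` block declares its own `add_header`, because nginx inherits them from the outer level only when the inner level has none; a comment at the top of the file should say so. `access_log off;` leaves the container with no request record for incident response, so confirm that whatever fronts it logs requests.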