diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml
index b4163d161c..f00ae07fba 100644
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -280,7 +280,7 @@ jobs:
           IMAGE_NAME: ${{ steps.image-name.outputs.name }}
         run: |
           mkdir build
-          docker run --rm --volume $(pwd)/build:/temp --entrypoint bash \
+          docker run --rm --volume $(pwd)/build:/temp --entrypoint sh \
             $IMAGE_NAME -c "cp -r ./ /temp"
 
           zip -r web-${{ env._VERSION }}-${{ matrix.artifact_name }}.zip build
diff --git a/apps/web/Dockerfile b/apps/web/Dockerfile
index 05def421c8..7ac2223ab1 100644
--- a/apps/web/Dockerfile
+++ b/apps/web/Dockerfile
@@ -1,23 +1,22 @@
 ###############################################
-#                Build stage 1                #
+#           Node.js build stage (alpine)      #
 ###############################################
 ARG NODE_VERSION=20
-FROM --platform=$BUILDPLATFORM node:${NODE_VERSION} AS node-build
-
-ARG NPM_COMMAND=dist:bit:selfhost
+FROM --platform=$BUILDPLATFORM node:${NODE_VERSION}-alpine AS node-build
 
 WORKDIR /source
+COPY package*.json ./
 COPY . .
-
 RUN npm ci
 
 WORKDIR /source/apps/web
+ARG NPM_COMMAND=dist:bit:selfhost
 RUN npm run ${NPM_COMMAND}
 
 ###############################################
 #                Build stage 2                #
 ###############################################
-FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
 
 # Docker buildx supplies the value for this arg
 ARG TARGETPLATFORM
@@ -25,11 +24,11 @@ ARG TARGETPLATFORM
 # Determine proper runtime value for .NET
 # We put the value in a file to be read by later layers.
 RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
-      RID=linux-x64 ; \
+      RID=linux-musl-x64 ; \
     elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
-      RID=linux-arm64 ; \
+      RID=linux-musl-arm64 ; \
     elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
-      RID=linux-arm ; \
+      RID=linux-musl-arm ; \
     fi \
     && echo "RID=$RID" > /tmp/rid.txt
 
@@ -57,19 +56,18 @@ WORKDIR /app
 ###############################################
 #                  App stage                  #
 ###############################################
-FROM mcr.microsoft.com/dotnet/aspnet:8.0
+FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
 
 ARG TARGETPLATFORM
 LABEL com.bitwarden.product="bitwarden"
 ENV ASPNETCORE_ENVIRONMENT=Production
 ENV ASPNETCORE_URLS=http://+:5000
+ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
 EXPOSE 5000
 
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends \
-        gosu \
-        curl \
-    && rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache curl \
+    icu-libs \
+    && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
 
 # Copy app from the build stage
 WORKDIR /bitwarden_server
diff --git a/apps/web/entrypoint.sh b/apps/web/entrypoint.sh
index 53e8af235f..72fd2b43b1 100644
--- a/apps/web/entrypoint.sh
+++ b/apps/web/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # Setup
 
@@ -22,11 +22,10 @@ fi
 if [ "$(id -u)" = "0" ]; then
     # Create user and group
 
-    groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
-    groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
-    useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
-    usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
-    mkhomedir_helper $USERNAME
+    addgroup -g "$LGID" -S "$GROUPNAME" 2>/dev/null || true
+    adduser -u "$LUID" -G "$GROUPNAME" -S -D -H "$USERNAME" 2>/dev/null || true
+    mkdir -p /home/$USERNAME
+    chown $USERNAME:$GROUPNAME /home/$USERNAME
 
     # The rest...