diff --git a/Dockerfile b/Dockerfile
index 25feb6a..031e274 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,21 +23,10 @@ RUN adduser \
 "${USER}"
 
 # Add trusted CAs for communicating with external services
-RUN apk add --no-cache \
- ca-certificates \
- curl \
- && \
- update-ca-certificates
-
-# Add crystal lang
-# can look up packages here: https://pkgs.alpinelinux.org/packages?name=crystal
 RUN apk add \
 --update \
 --no-cache \
- --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main \
- --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
- crystal \
- shards \
+ ca-certificates \
 yaml-dev \
 yaml-static \
 libxml2-dev \
@@ -47,6 +36,18 @@ RUN apk add \
 zlib-static \
 tzdata
 
+RUN update-ca-certificates
+
+# Add crystal lang
+# can look up packages here: https://pkgs.alpinelinux.org/packages?name=crystal
+RUN apk add \
+ --update \
+ --no-cache \
+ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main \
+ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
+ crystal \
+ shards
+
 # Install shards for caching
 COPY shard.yml shard.yml
 COPY shard.override.yml shard.override.yml
@@ -61,15 +62,18 @@ COPY src /app/src
 RUN UNAME_AT_COMPILE_TIME=true \
 PLACE_COMMIT=$PLACE_COMMIT \
 PLACE_VERSION=$PLACE_VERSION \
- crystal build \
- --error-trace \
- --release \
- --static \
- -o /app/source \
- /app/src/app.cr
+ shards build --production --release --error-trace
 
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 
+# Extract binary dependencies
+RUN for binary in /app/bin/*; do \
+ ldd "$binary" | \
+ tr -s '[:blank:]' '\n' | \
+ grep '^/' | \
+ xargs -I % sh -c 'mkdir -p $(dirname deps%); cp % deps%;'; \
+ done
+
 # Build a minimal docker image
 FROM scratch
 WORKDIR /
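Review bot: The `apk add` that installs `crystal` and `shards` (second hunk) fetches from the `edge` repositories over plain `http://` and pins neither package. apk checks the signed index, so a modified package should be rejected, but an on-path host can still serve a stale index, and `edge` moves without notice, so two builds of the same commit can end up with different compilers. I would change the two lines to `--repository=https://dl-cdn.alpinelinux.org/alpine/edge/main \` and `--repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \`, and pin the compiler as `crystal=<version>` with a short comment on why edge is needed.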
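Review bot: In the dependency-extraction loop (third hunk), `xargs -I %` pastes each path printed by `ldd` into the `sh -c` command string unquoted, so a path containing a space or a shell metacharacter is parsed again as shell, and the `;` after `mkdir -p` lets a failed `mkdir` pass unnoticed. Passing the path as an argument avoids both: `xargs -I % sh -c 'mkdir -p "$(dirname "deps$1")" && cp "$1" "deps$1"' _ %; \`. The relative `deps` directory lines up with the later `COPY --from=build /app/deps /` only if the working directory at this point is `/app`, which is set outside this hunk; writing `/app/deps` here would remove that dependence. With `pipefail` active, a binary for which `ldd` prints no absolute path makes `grep` exit 1 and should stop the build, so a comment stating that this is intended would help.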
@@ -89,8 +93,9 @@ ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
 # This is required for Timezone support
 COPY --from=build /usr/share/zoneinfo/ /usr/share/zoneinfo/
 
-# copy the application
-COPY --from=build /app/source /source
+# Copy the app into place
+COPY --from=build /app/deps /
+COPY --from=build /app/bin /
 
 # Use an unprivileged user.
 USER appuser:appuser
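Review bot: `COPY --from=build /app/bin /` places every target that `shards build` produced in the root of the final image, not only the service binary that was previously copied as `/source`. Naming the one file, for example `COPY --from=build /app/bin/<target> /<target>`, keeps executables the service does not need out of the runtime image. The binary's path also changes from `/source`, so any `ENTRYPOINT`, `CMD` or `HEALTHCHECK` after this hunk has to reference the new name; those lines are outside the visible diff.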