diff --git a/.forgejo/workflows/publish-docker-cache.yml b/.forgejo/workflows/publish-docker-cache.yml
new file mode 100644
index 0000000..582064f
--- /dev/null
+++ b/.forgejo/workflows/publish-docker-cache.yml
@@ -0,0 +1,44 @@
+#
+# This workflow caches yarn packages inside Docker
+#
+name: Publish Docker (docker cache)
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  push_to_registry:
+    name: Push Docker image to Docker Hub
+    runs-on: ubuntu-22.04
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Log in to registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.vault48.org
+          username: ${{ secrets.username }}
+          password: ${{ secrets.password }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: git.vault48.org/${{ env.GITHUB_REPOSITORY }}
+
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./ci/docker-cache/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file
diff --git a/.forgejo/workflows/publish.yml b/.forgejo/workflows/publish-runner-cache.yml
similarity index 91%
rename from .forgejo/workflows/publish.yml
rename to .forgejo/workflows/publish-runner-cache.yml
index fecf18d..951fef8 100644
--- a/.forgejo/workflows/publish.yml
+++ b/.forgejo/workflows/publish-runner-cache.yml
@@ -1,8 +1,11 @@
-name: Publish Docker image
+#
+# This workflow caches yarn packages on runner
+#
+name: Publish Docker (runner cache)
 
 on:
   push:
-    branches: main
+    branches: [never]
 
 jobs:
   push_to_registry:
@@ -51,7 +54,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          file: ./ci/Dockerfile
+          file: ./ci/runner-cache/Dockerfile
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file
diff --git a/ci/docker-cache/Dockerfile b/ci/docker-cache/Dockerfile
new file mode 100644
index 0000000..915eaf5
--- /dev/null
+++ b/ci/docker-cache/Dockerfile
@@ -0,0 +1,19 @@
+FROM node:18 as builder
+
+COPY package.json yarn.lock ./
+
+RUN yarn install --immutable
+
+COPY . .
+
+RUN yarn build
+
+FROM nginx:alpine
+
+COPY ci/docker-cache/nginx.conf /etc/nginx/nginx.conf
+RUN rm -rf /usr/share/nginx/html/*
+COPY --from=builder /dist /usr/share/nginx/html
+
+EXPOSE ${EXPOSE} 80
+
+ENTRYPOINT ["nginx", "-g", "daemon off;"]
diff --git a/ci/nginx.conf b/ci/docker-cache/nginx.conf
similarity index 100%
rename from ci/nginx.conf
rename to ci/docker-cache/nginx.conf
diff --git a/ci/Dockerfile b/ci/runner-cache/Dockerfile
similarity index 73%
rename from ci/Dockerfile
rename to ci/runner-cache/Dockerfile
index 10be35d..eabf714 100644
--- a/ci/Dockerfile
+++ b/ci/runner-cache/Dockerfile
@@ -1,6 +1,6 @@
 FROM nginx:alpine
 
-COPY ci/nginx.conf /etc/nginx/nginx.conf
+COPY ci/runner-cache/nginx.conf /etc/nginx/nginx.conf
 RUN rm -rf /usr/share/nginx/html/*
 COPY /dist /usr/share/nginx/html
 
diff --git a/ci/runner-cache/nginx.conf b/ci/runner-cache/nginx.conf
new file mode 100644
index 0000000..7fbacbd
--- /dev/null
+++ b/ci/runner-cache/nginx.conf
@@ -0,0 +1,46 @@
+worker_processes 4;
+
+events { worker_connections 1024; }
+
+http {
+    server {
+        listen 80;
+        root  /usr/share/nginx/html;
+        include /etc/nginx/mime.types;
+
+        gzip            on;
+        gzip_min_length 1000;
+        gzip_proxied    expired no-cache no-store private auth;
+        gzip_types      text/plain application/xml application/javascript;
+
+        ## All static files will be served directly.
+        location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|xml|otf|ttf|eot|woff|woff2|svg)$ {
+                access_log off;
+                expires 30d;
+                add_header Cache-Control public;
+                gzip_static on;
+
+                ## No need to bleed constant updates. Send the all shebang in one
+                ## fell swoop.
+                tcp_nodelay off;
+
+                ## Set the OS file cache.
+                open_file_cache max=3000 inactive=120s;
+                open_file_cache_valid 45s;
+                open_file_cache_min_uses 2;
+                open_file_cache_errors off;
+        }
+
+        location / {
+                gzip_static on;
+                try_files $uri @index;
+        }
+
+        location @index {
+                add_header Cache-Control "no-store, no-cache, must-revalidate";
+                expires -1;
+                try_files /index.html =404;
+        }
+    }
+}
+