diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8b976cc..d995f28 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,17 +1,31 @@ stages: - build +- build-manifest variables: - CACHETAG: build-${VERSION} + VERSION: latest DOCKER_HOST: tcp://docker:2375 + VERSIONARCH: ${VERSION}-${ARCH} +cache: + key: ${CI_JOB_NAME_SLUG}-${CI_COMMIT_REF_SLUG} + paths: + - build-cache + +image: docker:latest services: - docker:dind before_script: -- docker info -- docker version +- if [ ! -d build-cache ]; then mkdir build-cache; fi +- sed -ie s'/https/http/' /etc/apk/repositories +- HTTP_PROXY=http://proxy.dege.lan:3128 apk add git curl +- docker info && docker version +# env|sort - echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin -- env|sort -include: .gitlab-docker-x86_64.yml +include: +- .gitlab-docker-x86_64.yml +# .gitlab-docker-armv7l.yml +# .gitlab-docker-arm64.yml +- .gitlab-docker-manifest.yml diff --git a/.gitlab-docker-manifest.yml b/.gitlab-docker-manifest.yml new file mode 100644 index 0000000..8b38379 --- /dev/null +++ b/.gitlab-docker-manifest.yml @@ -0,0 +1,10 @@ +x86_64:build-manifest: + stage: build-manifest + script: + - docker manifest create ${CI_REGISTRY_IMAGE}:${VERSION} ${CI_REGISTRY_IMAGE}:${VERSION}-x86_64 #${CI_REGISTRY_IMAGE}:${VERSION}-arm64 ${CI_REGISTRY_IMAGE}:${VERSION}armv7l + - docker manifest push --purge ${CI_REGISTRY_IMAGE}:${VERSION} + tags: + - docker + - x86_64 + only: + - master diff --git a/.gitlab-docker-x86_64.yml b/.gitlab-docker-x86_64.yml index 7a80415..77741bd 100644 --- a/.gitlab-docker-x86_64.yml +++ b/.gitlab-docker-x86_64.yml 
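Review bot: The added `sed -ie s'/https/http/' /etc/apk/repositories` line in `before_script` rewrites the package repositories to plain HTTP for every job, unconditionally. That leaves apk's own signature checking as the only integrity control on `apk add git curl`, and a signed but stale index may be replayed by anything on the path. The proxy address `http://proxy.dege.lan:3128` is also committed here, and again in the `docker build --build-arg` line of .gitlab-docker-x86_64.yml. I would supply the proxy as a CI/CD variable and gate the rewrite on it, e.g. `- if [ -n "$HTTP_PROXY" ]; then sed -i -e 's/https/http/' /etc/apk/repositories; fi` followed by a plain `- apk add git curl`. Note that `-ie` is parsed as `-i` with backup suffix `e`, not as `-i -e`, and that the now-global `image: docker:latest` is a floating tag worth pinning.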
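Review bot: In the `docker manifest create` line of the new `x86_64:build-manifest` job, the extra platforms are disabled with an inline ` #` that YAML strips as a comment, and the disabled text has a typo. `${VERSION}armv7l` lacks the `-` that `VERSIONARCH` (`${VERSION}-${ARCH}`) uses, so it would not match the tag format once un-commented. I would move the disabled arguments to a `#` comment line above the command and spell the tag `${CI_REGISTRY_IMAGE}:${VERSION}-armv7l`. The manifest is also built from the mutable `${VERSION}-x86_64` tag rather than a digest handed over by this pipeline's build job, so `latest` ends up pointing at whatever was pushed to that tag last.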
@@ -1,14 +1,14 @@ x86_64:build: variables: - VERSION: x86_64 + ARCH: x86_64 stage: build - image: docker:latest script: - if [ -f init ]; then chmod 500 init; fi - - ([ -z "$REFRESH" ] && docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG}) || echo "true" - - docker build --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION} -t ${CI_REGISTRY_IMAGE}:${CACHETAG} . - - docker push ${CI_REGISTRY_IMAGE}:${VERSION} - - docker push ${CI_REGISTRY_IMAGE}:${CACHETAG} + - ([ -z "$REFRESH" -a -f build-cache/${CI_COMMIT_REF_SLUG} ]) && docker load < build-cache/${CI_COMMIT_REF_SLUG} || true + - rm build-cache/* || true + - docker build --build-arg HTTP_PROXY=http://proxy.dege.lan:3128 --cache-from ${CI_REGISTRY_IMAGE}:${VERSIONARCH} -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} . + - docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH} + - docker save ${CI_REGISTRY_IMAGE}:${VERSIONARCH} > build-cache/${CI_COMMIT_REF_SLUG} tags: - docker - x86_64 diff --git a/Dockerfile b/Dockerfile index de36f6e..0c72bbe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,21 +1,17 @@ # NAME leenooks/rspamd # VERSION latest -FROM debian:stretch-slim +FROM alpine -RUN apt-get update \ - && apt-get install curl gnupg2 procps -yyq \ - && curl -L https://rspamd.com/apt-stable/gpg.key | apt-key add - \ - && apt-get purge curl gnupg2 -yyq && apt autoremove -yyq \ - && echo "deb http://rspamd.com/apt-stable/ stretch main" > /etc/apt/sources.list.d/rspamd.list \ - && apt-get update \ - && apt-get install rspamd iputils-ping -yyq \ - && rm -rf /var/lib/apt/lists/* /tmp/* +# Change to http respositories, so they we can cache the install packages +RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi +RUN apk add --no-cache rspamd + +ADD rspamd.conf.local.override /etc/rspamd/ EXPOSE 11332 11333 11334 COPY init /sbin/ # Starting ENTRYPOINT [ "/sbin/init" ] -CMD [ "start" ] diff --git a/init b/init index 8ae7a7c..bb2a8d9 100755 --- a/init +++ b/init 
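Review bot: `docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}` now resolves to `latest-x86_64` by default (`VERSION: latest` in .gitlab-ci.yml), and no `only:`/`rules:` restriction is visible in this hunk. If the job runs for every ref, any branch pipeline can overwrite the tag that the master-only manifest job later publishes as `latest`. The job definition continues past the hunk, so this may already be restricted there; if not, guard the push with `- if [ "$CI_COMMIT_REF_NAME" = "master" ]; then docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}; fi` or tag other branches with `${CI_COMMIT_REF_SLUG}-${ARCH}`. Separately, `docker load < build-cache/${CI_COMMIT_REF_SLUG}` loads whatever tarball the runner cache holds for that key, and `|| true` hides a failed or partial load. A comment such as `# cache tarball is untrusted input to the build cache; set REFRESH to skip loading it` would document that.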
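Review bot: The test in `RUN if [ -n ${HTTP_PROXY} ] ; then sed …` is unquoted, so with no proxy set it collapses to `[ -n ]`, which is true, and the https-to-http rewrite of `/etc/apk/repositories` runs on every build. The rewritten file also stays in the final image, so any later `apk add` in a container or derived image fetches over plain HTTP too. Quote the variable and undo the rewrite in the same layer, e.g. `RUN if [ -n "${HTTP_PROXY}" ]; then sed -i -e 's/https/http/' /etc/apk/repositories; fi && apk add --no-cache rspamd && sed -i -e 's/^http:/https:/' /etc/apk/repositories`. `FROM alpine` is a floating tag; pinning a release, ideally by digest, keeps the installed rspamd version reproducible.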
@@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh set -e NAME="RSPAMD" @@ -13,12 +13,25 @@ function stop { trap 'stop' SIGTERM -if [ "$1" == "start" ]; then - if [ -z "${NO_CLAMAV}" ]; then - x=0; until ping -c1 ${CLAMAV} &>/dev/null; do echo "Waiting for [${CLAMAV}]..."; let x=$x+1; if [ $x -ge ${TRIES} ]; then NOTON=1; break; fi ; sleep ${WAIT}; done ; [ -n "${NOTON}" ] && echo "No [${CLAMAV}]?" && exit 1 +if [ -z "$@" ]; then + if [ -n "${ENABLE_CLAMAV}" ]; then + x=0; + until ping -c1 ${CLAMAV} &>/dev/null; do + echo "Waiting for [${CLAMAV}]..."; + let x=$x+1; + if [ $x -ge ${TRIES} ]; then + NOTON=1; + break; + fi + sleep ${WAIT}; + done + [ -n "${NOTON}" ] && echo "No [${CLAMAV}]?" && exit 1 fi - [ -x /usr/bin/rspamd ] && exec /usr/bin/rspamd -u _rspamd -g _rspamd -c /etc/rspamd/rspamd.conf -f -p /var/run/rspamd.pid & + # Set password + [ -n "${RSPAMD_PASSWD}" ] && sed -i -e 's/^#\s*password/ password/' -e "s/@PASSWORD@/${RSPAMD_PASSWD}/" /etc/rspamd/rspamd.conf.local.override + + [ -x /usr/bin/rspamd ] && exec /usr/bin/rspamd -u rspamd -g rspamd -c /etc/rspamd/rspamd.conf -f -p /var/run/rspamd.pid & wait else diff --git a/rspamd.conf.local.override b/rspamd.conf.local.override new file mode 100644 index 0000000..5633aca --- /dev/null +++ b/rspamd.conf.local.override 
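Review bot: The new `sed … -e "s/@PASSWORD@/${RSPAMD_PASSWD}/"` line splices the secret into a sed program and then into a quoted config string. A password containing `/`, `&`, `\` or `"` therefore either aborts start-up under `set -e` or writes a different password than the one supplied, and the value is stored in clear text. Escaping the value before substitution, or writing a hash produced by `rspamadm pw`, avoids both. It would also be safer to refuse to start when `RSPAMD_PASSWD` is empty than to leave the controller's password line commented out. `[ -z "$@" ]` only behaves with zero or one argument, and `[ "$#" -eq 0 ]` states the intent. With the shebang now `#!/bin/sh`, `function stop {`, `&>/dev/null` and `let` depend on bash-compatible extensions in the image's shell, which is worth confirming; the `else` branch continues outside the hunk.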
@@ -0,0 +1,21 @@
+worker "normal" {
+ bind_socket = "*:11333";
+ .include "$CONFDIR/worker-normal.inc"
+ .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc"
+}
+
+worker "controller" {
+ bind_socket = "*:11334";
+# password = "@PASSWORD@";
+ .include "$CONFDIR/worker-controller.inc"
+ .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-controller.inc"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-controller.inc"
+}
+
+worker "rspamd_proxy" {
+ bind_socket = "*:11332";
+ .include "$CONFDIR/worker-proxy.inc"
+ .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-proxy.inc"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-proxy.inc"
+}
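Review bot: `worker "controller"` binds `*:11334` while its `password` line ships commented out and is only enabled by `init` when `RSPAMD_PASSWD` is set. A container started without that variable presumably exposes the controller on every interface with whatever authentication defaults `worker-controller.inc` provides, which is not shown here. I would add a comment above the line, `# enabled by /sbin/init when RSPAMD_PASSWD is set; otherwise this file configures no controller password`, and consider binding the controller to loopback unless a password is configured.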