diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index aa83e97..e0d8cf6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,42 +1,31 @@ -image: docker:latest - stages: -- test - build +- build-manifest variables: - VERSION: 5.4-fpm - CACHETAG: build + VERSION: 5.9 DOCKER_HOST: tcp://docker:2375 + VERSIONARCH: ${VERSION}-${ARCH} +cache: + key: ${CI_JOB_NAME_SLUG}-${CI_COMMIT_REF_SLUG} + paths: + - build-cache + +image: docker:latest services: - docker:dind before_script: -- docker info -- docker version +- if [ ! -d build-cache ]; then mkdir build-cache; fi +- sed -i -e s'/https/http/' /etc/apk/repositories +- HTTP_PROXY=http://proxy.dege.lan:3128 apk add git curl +- docker info && docker version +# env|sort - echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin -test: - stage: test - script: - - cat /etc/hosts - - env|sort - - docker build -t ${CI_REGISTRY_IMAGE}:${VERSION} . - - docker images - only: - - debug - -build: - stage: build - script: - - if [ -f init ]; then chmod 500 init; fi - - docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG} || true - - docker build --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION} -t ${CI_REGISTRY_IMAGE}:${CACHETAG} . - - docker push ${CI_REGISTRY_IMAGE}:${VERSION} - - docker push ${CI_REGISTRY_IMAGE}:${CACHETAG} - tags: - - docker - - x86_64 - only: - - master +include: +- .gitlab-docker-x86_64.yml +# .gitlab-docker-armv7l.yml +# .gitlab-docker-arm64.yml +- .gitlab-docker-manifest.yml diff --git a/.gitlab-docker-manifest.yml b/.gitlab-docker-manifest.yml new file mode 100644 index 0000000..1eddfc3 --- /dev/null +++ b/.gitlab-docker-manifest.yml 
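Review bot: The new before_script line `- sed -i -e s'/https/http/' /etc/apk/repositories` downgrades the runner image's apk mirrors to plain HTTP unconditionally, whereas the Dockerfile in this same commit only does so when HTTP_PROXY is set; apk still checks index and package signatures, so this is an exposure of what gets installed rather than an integrity hole, but the two should use the same guard. The proxy URL `http://proxy.dege.lan:3128` is hard-coded here and again as a build-arg in .gitlab-docker-x86_64.yml; a single CI/CD variable would keep a runner outside that network from silently fetching over HTTP with no proxy at all. The commented `# env|sort` entry left inside the list is a trap: re-enabling it prints every job variable, including any not covered by log masking, into the job log, so it is better removed than parked.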
@@ -0,0 +1,10 @@
+x86_64:build-manifest:
+ stage: build-manifest
+ script:
+ - docker manifest create ${CI_REGISTRY_IMAGE}:${VERSION} ${CI_REGISTRY_IMAGE}:${VERSION}-x86_64 #${CI_REGISTRY_IMAGE}:${VERSION}-arm64 ${CI_REGISTRY_IMAGE}:${VERSION}-armv7l
+ - docker manifest push --purge ${CI_REGISTRY_IMAGE}:${VERSION}
+ tags:
+ - docker
+ - x86_64
+ only:
+ - master
diff --git a/.gitlab-docker-x86_64.yml b/.gitlab-docker-x86_64.yml
new file mode 100644
index 0000000..77741bd
--- /dev/null
+++ b/.gitlab-docker-x86_64.yml
@@ -0,0 +1,16 @@
+x86_64:build:
+ variables:
+ ARCH: x86_64
+ stage: build
+ script:
+ - if [ -f init ]; then chmod 500 init; fi
+ - ([ -z "$REFRESH" -a -f build-cache/${CI_COMMIT_REF_SLUG} ]) && docker load < build-cache/${CI_COMMIT_REF_SLUG} || true
+ - rm build-cache/* || true
+ - docker build --build-arg HTTP_PROXY=http://proxy.dege.lan:3128 --cache-from ${CI_REGISTRY_IMAGE}:${VERSIONARCH} -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} .
+ - docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}
+ - docker save ${CI_REGISTRY_IMAGE}:${VERSIONARCH} > build-cache/${CI_COMMIT_REF_SLUG}
+ tags:
+ - docker
+ - x86_64
+ only:
+ - master
diff --git a/Dockerfile b/Dockerfile
index 701aebd..9030a0b 100644
--- a/Dockerfile
+++ b/Dockerfile
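Review bot: In x86_64:build the first script line `- if [ -f init ]; then chmod 500 init; fi` tests for a repository-root `init`, but this commit deletes that file and ships it as docker/init, so the line is now dead; the Dockerfile already fixes the mode with `chmod 550 /sbin/init`, so the line can go, or be pointed at `docker/init` if the intent is to keep the checkout's copy tight. The `--build-arg HTTP_PROXY=http://proxy.dege.lan:3128` value duplicates the proxy hard-coded in .gitlab-ci.yml's before_script and should be sourced from one CI/CD variable. The build-cache tarball is keyed only on CI_COMMIT_REF_SLUG, so after a VERSION bump the job keeps loading the previous version's image as cache; harmless for correctness, but a version-qualified filename would make the cache's contents match what `--cache-from` is asked for.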
@@ -1,28 +1,29 @@ # NAME leenooks/wordpress -# VERSION 5.4-fpm +# VERSION 5.9-fpm -FROM wordpress:5.4-fpm +FROM wordpress:5.9-fpm-alpine -RUN apt-get update && apt-get install -y openssh-server msmtp nginx \ - && rm /etc/nginx/sites-enabled/default \ - && apt-get -y autoremove \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# Change to http respositories, so they we can cache the install packages +RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi -RUN docker-php-ext-install -j$(nproc) opcache - -RUN useradd -c "Hosting Admin User" -u 1000 -g users -G www-data -d /var/www/html -M lamp +# Tune PHP RUN sed -e 's/^expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini-production > /usr/local/etc/php/php.ini -COPY www.conf /usr/local/etc/php-fpm.d/ -COPY nginx-app.conf /etc/nginx/conf.d/ -COPY msmtprc /etc/ RUN sed -i -e 's#^;sendmail_path =#sendmail_path = "/usr/bin/msmtp -t"#' /usr/local/etc/php/php.ini +RUN adduser -g "Hosting Admin User" -u 1000 -G www-data -h /var/www/html -HD lamp && mkdir /run/nginx -COPY sshd_config.patch /tmp -RUN (cd / && patch -p0 ) < /tmp/sshd_config.patch && rm /tmp/sshd_config.patch +# Base +RUN apk add --no-cache unzip zlib nginx msmtp +RUN curl -SLo /usr/local/bin/wait-for-it https://github.com/vishnubob/wait-for-it/raw/master/wait-for-it.sh && chmod +x /usr/local/bin/wait-for-it -EXPOSE 9000/tcp 22/tcp +COPY msmtprc /etc/ +COPY docker/www.conf /usr/local/etc/php-fpm.d/ +COPY docker/nginx-app.conf /etc/nginx/http.d/default.conf -COPY init /sbin +COPY docker/init /sbin/ +COPY update /usr/local/sbin +RUN chmod 550 /sbin/init && chown 0:0 /sbin/init + +WORKDIR /var/www/html +EXPOSE 80 ENTRYPOINT [ "/sbin/init" ] CMD [ "php-fpm" ] diff --git a/docker/init b/docker/init new file mode 100755 index 0000000..faebb37 --- /dev/null +++ b/docker/init 
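Review bot: `RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi` leaves the expansion unquoted, so when no HTTP_PROXY build-arg is supplied the test collapses to `[ -n ]`, which is true, and the apk repositories are switched to HTTP in every build rather than only proxied ones; quote it: `RUN if [ -n "${HTTP_PROXY}" ]; then sed -i -e s'/https/http/' /etc/apk/repositories; fi`. The `RUN curl -SLo /usr/local/bin/wait-for-it https://github.com/vishnubob/wait-for-it/raw/master/wait-for-it.sh && chmod +x /usr/local/bin/wait-for-it` line fetches an unpinned script from a moving branch and installs it executable for /sbin/init to run at every container start; pin the URL to a specific commit and verify a known digest with `sha256sum -c` so an upstream change cannot alter what executes in the container. The comment above the first RUN (`respositories`, `so they we can`) could be tidied at the same time.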
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -e
+
+NGINX_START=${NGINX_START:-TRUE}
+DB_PORT=3306
+
+function nginx_start() {
+ # Start NGINX
+ if [ -x /usr/sbin/nginx -a "${NGINX_START}" == "TRUE" ]; then
+ echo "* Starting NGINX..."
+ /usr/sbin/nginx -g 'daemon on; master_process on;'
+ fi
+}
+
+if [ -n "${WORDPRESS_DB_HOST}" -a -n "${DB_PORT}" ]; then
+ while ! wait-for-it -h ${WORDPRESS_DB_HOST} -p ${DB_PORT} -t 5 -q; do
+ echo "? Waiting for database at ${WORDPRESS_DB_HOST}:${DB_PORT}"
+ sleep 1;
+ done
+ echo "- DB is active on ${WORDPRESS_DB_HOST}:${DB_PORT}"
+fi
+
+nginx_start
+
+exec /usr/local/bin/docker-entrypoint.sh "$@"
diff --git a/nginx-app.conf b/docker/nginx-app.conf
similarity index 63%
rename from nginx-app.conf
rename to docker/nginx-app.conf
index 9f86955..60d2916 100644
--- a/nginx-app.conf
+++ b/docker/nginx-app.conf
@@ -2,13 +2,17 @@ server {
listen 80 default_server;
listen [::]:80 default_server;
- access_log none;
- client_max_body_size 10m;
- error_log none;
- fastcgi_buffers 16 16k;
- fastcgi_buffer_size 16k;
+ access_log off;
+ client_max_body_size 64m;
+ error_log /dev/stdout info;
+ fastcgi_buffering off;
+ fastcgi_request_buffering off;
+ gzip_vary on;
+ gzip_min_length 10240;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types text/plain text/css application/javascript;
index index.php index.html;
- root /var/www/html/public;
+ root /var/www/html;
server_tokens off;
set $my_https "off";
@@ -25,11 +29,15 @@ server {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
+ include fastcgi_params;
+
+ fastcgi_param HTTPS $my_https;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param HTTPS $my_https;
- fastcgi_param PHP_ADMIN_VALUE "sendmail_path=/usr/sbin/sendmail -i -t";
+
+ fastcgi_read_timeout 600s;
+ fastcgi_send_timeout 600s;
}
}
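Review bot: `DB_PORT=3306` is a fixed assignment rather than `DB_PORT=${DB_PORT:-3306}`, so the `-n "${DB_PORT}"` half of the guard can never be false and a deployment on a non-default port has no way to tell wait-for-it about it; if WORDPRESS_DB_HOST is supplied in the `host:port` form that WordPress's DB_HOST setting understands, `wait-for-it -h ${WORDPRESS_DB_HOST} -p ${DB_PORT}` loops forever on an unresolvable name. Making the port overridable and quoting both expansions on that line addresses both. Separately, nginx is launched with `daemon on; master_process on;`, so after it forks this script has no handle on it and an nginx exit leaves the container alive with only php-fpm; that is worth stating in a header comment, or handing to a supervisor if the container is expected to keep serving HTTP on its own.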
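Review bot: `access_log off;` removes the only per-request record the container produces, so the error log on /dev/stdout will show failures but nothing about which paths were requested, by whom, or when; for a WordPress front end that is the first thing an incident responder asks for, so `access_log /dev/stdout;` keeps it in the same runtime log stream the error log already uses and costs nothing extra to ship. The `gzip_*` directives added here only take effect if `gzip on;` is set at an enclosing level, which this hunk does not show; if it is not, they are inert and a comment saying where gzip is switched on would help. The `server` block these lines belong to begins outside the hunk.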
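Review bot: The location that owns these fastcgi directives begins outside the hunk, and within the visible lines there is no `try_files $fastcgi_script_name =404;` ahead of `fastcgi_pass 127.0.0.1:9000;`; with `fastcgi_split_path_info ^(.+\.php)(/.+)$;` and the re-added `fastcgi_param PATH_INFO $fastcgi_path_info;`, nginx forwards a SCRIPT_FILENAME for paths that may not exist on disk and relies on PHP's pathinfo handling to reject them, so adding that `try_files` line is the standard cheap guard. `include fastcgi_params;` now precedes the explicit `SCRIPT_FILENAME` and `SERVER_NAME` lines; nginx does not de-duplicate same-named fastcgi_param entries, so if the Alpine fastcgi_params file also sets one of them php-fpm may receive both, which is fine only if intended. `fastcgi_read_timeout 600s;` ties a worker and its php-fpm child up for ten minutes per slow request; unless long admin actions need it, a lower bound limits how much a few slow clients can consume.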
diff --git a/www.conf b/docker/www.conf similarity index 100% rename from www.conf rename to docker/www.conf diff --git a/init b/init deleted file mode 100755 index 1ec4a86..0000000 --- a/init +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -NO_NGINX=${NO_NGINX:-TRUE} -SSH_START=${SSH_START:-FALSE} - -function nginx_start() { - # Start NGINX - if [ -x /usr/sbin/nginx -a "${NO_NGINX}" != "TRUE" ]; then - echo "* Starting NGINX..." - start-stop-daemon --start --pidfile /var/run/nginx.pid --exec /usr/sbin/nginx -- -g 'daemon on; master_process on;' - fi -} - -if [ -x /usr/sbin/sshd -a "${SSH_START}" = "TRUE" ]; then - [ ! -d /var/run/sshd ] && mkdir /var/run/sshd - start-stop-daemon --start --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- -p 22 -fi - -nginx_start - -exec /usr/local/bin/docker-entrypoint.sh "$@" diff --git a/msmtprc b/msmtprc index 505acf3..26b5a34 100644 --- a/msmtprc +++ b/msmtprc @@ -1,18 +1,26 @@ # A system wide configuration file is optional. +defaults +port 25 +tls off + # If it exists, it usually defines a default account. # This allows msmtp to be used like /usr/sbin/sendmail. account default +# Authentication +auth off + # The SMTP smarthost host smtp # Envelope-from address -#from user@example.com -domain example.com +from nobody@%H + +# Sets the argument of the SMTP EHLO +domain web # Construct envelope-from addresses of the form "user@oursite.example" -#auto_from on -#maildomain example.com +#allow_from_override on # Syslog logging with facility LOG_MAIL instead of the default LOG_USER syslog LOG_MAIL diff --git a/sshd_config.patch b/sshd_config.patch deleted file mode 100644 index ae25961..0000000 --- a/sshd_config.patch +++ /dev/null 
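Review bot: The new `defaults` stanza sets `port 25`, `tls off` and `auth off` for `host smtp`, so every message PHP hands to `/usr/bin/msmtp -t` leaves the container in cleartext with no relay authentication; that is only acceptable when `smtp` resolves to a relay on a private network, and a comment above `host smtp` recording that assumption would stop the file being reused as-is somewhere it does not hold. `from nobody@%H` depends on the installed msmtp expanding `%H`, which I cannot confirm from here for the Alpine package; if it does not, mail goes out with a literal `%H` sender. `syslog LOG_MAIL` sends delivery errors to a syslog socket a php-fpm container normally does not have, so failures vanish; if the installed msmtp supports it, `logfile -` writes them to standard output where the container runtime captures them.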
@@ -1,29 +0,0 @@
---- /etc/ssh/sshd_config.orig 2017-12-17 13:08:18.460496574 +0000
-+++ /etc/ssh/sshd_config 2017-12-17 13:10:01.093459593 +0000
-@@ -15,8 +15,8 @@
- #ListenAddress 0.0.0.0
- #ListenAddress ::
-
--#HostKey /etc/ssh/ssh_host_rsa_key
--#HostKey /etc/ssh/ssh_host_ecdsa_key
-+HostKey /etc/ssh/ssh_host_rsa_key
-+HostKey /etc/ssh/ssh_host_ecdsa_key
- #HostKey /etc/ssh/ssh_host_ed25519_key
-
- # Ciphers and keying
-@@ -30,6 +30,7 @@
-
- #LoginGraceTime 2m
- #PermitRootLogin prohibit-password
-+PermitRootLogin no
- #StrictModes yes
- #MaxAuthTries 6
- #MaxSessions 10
-@@ -54,6 +55,7 @@
-
- # To disable tunneled clear text passwords, change to no here!
- #PasswordAuthentication yes
-+PasswordAuthentication no
- #PermitEmptyPasswords no
-
- # Change to yes to enable challenge-response passwords (beware issues with
diff --git a/update b/update
new file mode 100755
index 0000000..57be8b6
--- /dev/null
+++ b/update
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+apk add rsync
+
+[ -d /var/www/html/wp-includes ] && rm -rf /var/www/html/wp-includes
+[ -d /var/www/html/wp-admin ] && rm -rf /var/www/html/wp-admin
+
+rsync -xaHvP /usr/src/wordpress/ /var/www/html/
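Review bot: update runs without `set -e`, so if `apk add rsync` fails (for example with no network from inside the container) the two `rm -rf` lines still run and the final rsync then fails, leaving /var/www/html without wp-admin or wp-includes; add `set -e` after the shebang and install rsync in the Dockerfile's `apk add --no-cache` line so this script needs no package-manager access at runtime. A header comment should also state that `rsync -xaHvP /usr/src/wordpress/ /var/www/html/` deliberately omits `--delete`, so core files are overwritten while site-added files are kept, which holds for wp-config.php only as long as /usr/src/wordpress does not carry one.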