diff --git a/docker-compose.yml b/docker-compose.yml
index 33d40b5..bfd404b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -42,7 +42,6 @@ services:
 build:
 dockerfile: Dockerfile
 context: ./frontend
- target: prod
 # open port 8000
 ports:
 - "8000:8000"
@@ -50,7 +49,7 @@ services:
 rproxy:
 image: docker.io/bitnami/nginx:1.27
 volumes:
- - ./reverseproxy.local.conf:/opt/bitnami/nginx/conf/nginx.conf
+ - ./reverseproxy.local.conf:/var/conf/nginx.conf
 depends_on:
 - htwkalender-data-manager
 - htwkalender-frontend
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index ead343c..0ad0af2 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -1,20 +1,3 @@
-#Calendar implementation for the HTWK Leipzig timetable. Evaluation and display of the individual dates in iCal format.
-#Copyright (C) 2024 HTWKalender support@htwkalender.de
-
-#This program is free software: you can redistribute it and/or modify
-#it under the terms of the GNU Affero General Public License as published by
-#the Free Software Foundation, either version 3 of the License, or
-#(at your option) any later version.
-
-#This program is distributed in the hope that it will be useful,
-#but WITHOUT ANY WARRANTY; without even the implied warranty of
-#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#GNU Affero General Public License for more details.
-
-#You should have received a copy of the GNU Affero General Public License
-#along with this program. If not, see .
-
-# build stage
 FROM docker.io/node:lts-alpine AS build
 WORKDIR /app
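Review bot: In the second docker-compose.yml hunk the `rproxy` service still runs `docker.io/bitnami/nginx:1.27`, but its config is now mounted at `/var/conf/nginx.conf`; going by the removed line, that image reads `/opt/bitnami/nginx/conf/nginx.conf`, so the proxy would likely start with the image's default configuration and none of the rules in `reverseproxy.local.conf` would apply. The `/var/conf` path belongs to the new scratch-based frontend image, not to this service. Unless `rproxy` is moved to an image started with `-p /var/` somewhere outside this diff, keep the old target and mount it read-only: `- ./reverseproxy.local.conf:/opt/bitnami/nginx/conf/nginx.conf:ro`.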
@@ -23,20 +6,40 @@ RUN npm ci
 COPY / ./
 RUN npm run build
-# development stage
-FROM docker.io/node:lts-alpine AS dev
+FROM docker.io/nixos/nix:2.26.2 AS build-nginx
-WORKDIR /app
-COPY package*.json ./
-RUN npm install
-COPY . ./
+# Install nginx
+RUN mkdir -p /output/store
+RUN nix-env --profile /output/profile -i nginx
+RUN cp -va $(nix-store -qR /output/profile) /output/store
-# production stage
-# https://hub.docker.com/r/bitnami/nginx -> always run as non-root user
-FROM docker.io/bitnami/nginx:1.27 AS prod
+# Create empty directories needed by nginx
+RUN mkdir -p /to_add/var/log/nginx \
+ /to_add/var/cache/nginx/tmp \
+ /to_add/var/conf/ \
+ /to_add/var/conf/ \
+ /to_add/var/www \
+ /to_add/var/run
-# copy build files from build container
-COPY --from=build /app/dist /app
-COPY ./nginx.conf /opt/bitnami/nginx/conf/nginx.conf
+# Create user and group for nginx
+RUN nix-shell -p busybox --command "addgroup --system nginx && adduser --system -G nginx --uid 31337 nginx"
+# Make sure nginx can write to required directories
+RUN chown -R 31337 /to_add/
+
+FROM scratch
+
+# Copy over nginx files and dependencies
+COPY --from=build-nginx /output/store /nix/store
+COPY --from=build-nginx /output/profile/ /usr/local/
+COPY --from=build-nginx /to_add /
+
+# Copy required user information
+COPY --from=build-nginx /etc/passwd /etc/passwd
+COPY --from=build-nginx /etc/group /etc/group
+
+# Add user specific content and config
+COPY --from=build --chown=nginx:nginx /app/dist/ /var/www/
+COPY ./nginx.conf /var/conf/nginx.conf
 EXPOSE 8000
+ENTRYPOINT ["nginx", "-p", "/var/"]
\ No newline at end of file
diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index dc99832..e0cead5 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
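Review bot: The final `FROM scratch` stage of frontend/Dockerfile sets no `USER`, so `ENTRYPOINT ["nginx", "-p", "/var/"]` starts the nginx master process as root, while the removed bitnami stage was documented as always running non-root. Port 8000 needs no privileges and the account is already present in the copied `/etc/passwd`, so adding `USER nginx` before `ENTRYPOINT` should be enough, provided the ownership set by `chown -R 31337 /to_add/` survives `COPY --from=build-nginx /to_add /` (worth checking in the built image). Separately, that recursive chown together with `--chown=nginx:nginx` on `/var/www/` gives the serving account write access to the config directory and the web root; ownership is only needed on `/var/log/nginx`, `/var/cache/nginx` and `/var/run`, and the static files can stay root-owned. The `mkdir -p` list also names `/to_add/var/conf/` twice.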
@@ -13,50 +13,40 @@
 #You should have received a copy of the GNU Affero General Public License
 #along with this program. If not, see .
-
-worker_processes 4;
-
-error_log /opt/bitnami/nginx/logs/error.log;
-pid /opt/bitnami/nginx/tmp/nginx.pid;
+user nginx;
+worker_processes auto;
+pid /var/run/nginx.pid;
 events {
- worker_connections 1024;
+ worker_connections 1024;
 }
 http {
- include mime.types;
- default_type application/octet-stream;
-
+ default_type application/octet-stream;
 log_format anonymized '[$time_local] "$request" $status $body_bytes_sent "$http_referer"';
- access_log /opt/bitnami/nginx/logs/proxy_access.log anonymized;
- error_log /opt/bitnami/nginx/logs/proxy_error.log error;
+ access_log /var/log/nginx/proxy_access.log anonymized;
+ error_log /var/log/nginx/proxy_error.log error;
 sendfile on;
 keepalive_timeout 180s;
 send_timeout 180s;
- client_body_temp_path /opt/bitnami/nginx/tmp/client_temp;
- proxy_temp_path /opt/bitnami/nginx/tmp/proxy_temp_path;
- fastcgi_temp_path /opt/bitnami/nginx/tmp/fastcgi_temp;
- uwsgi_temp_path /opt/bitnami/nginx/tmp/uwsgi_temp;
- scgi_temp_path /opt/bitnami/nginx/tmp/scgi_temp;
+ client_body_temp_path /var/cache/nginx/tmp/client_temp;
+ proxy_temp_path /var/cache/nginx/tmp/proxy_temp_path;
+ fastcgi_temp_path /var/cache/nginx/tmp/fastcgi_temp;
+ uwsgi_temp_path /var/cache/nginx/tmp/uwsgi_temp;
+ scgi_temp_path /var/cache/nginx/tmp/scgi_temp;
 server {
- listen 8000;
- listen [::]:8000;
- server_name localhost;
+ listen 8000;
+ server_name localhost;
+
+ root /var/www;
+ index index.html;
 location / {
- root /opt/bitnami/nginx/html;
- index index.html index.htm;
-
- #necessary to display vue subpage
- try_files $uri $uri.html $uri/ /index.html;
- }
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /opt/bitnami/nginx/html;
+ try_files $uri $uri/ =404;
 }
 }
 }
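Review bot: The `http` block drops `include mime.types;` without a replacement, so every file under `/var/www` would be served as `default_type application/octet-stream`, and browsers would download `index.html` or reject scripts and stylesheets instead of rendering them. The include was presumably removed because nothing named `mime.types` exists in `/var/conf/` in the new image; copying the nginx package's `mime.types` into `/var/conf/` in the Dockerfile and restoring `include mime.types;` fixes that. The new `try_files $uri $uri/ =404;` also removes the `/index.html` fallback that the deleted comment called necessary for Vue subpages, so deep links would return 404 unless the reverse proxy handles them; if the fallback is still wanted, use `try_files $uri $uri/ /index.html;`.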