diff --git a/backoffice/.dockerignore b/backoffice/.dockerignore
new file mode 100644
index 0000000..726367f
--- /dev/null
+++ b/backoffice/.dockerignore
@@ -0,0 +1,36 @@
+# Dependencies
+node_modules
+npm-debug.log
+
+# Build output (we rebuild in Docker)
+dist
+
+# Development
+.git
+.gitignore
+.env
+.env.*
+!.env.example
+
+# IDE
+.idea
+.vscode
+*.swp
+*.swo
+
+# Test
+coverage
+.nyc_output
+test
+*.spec.ts
+*.test.ts
+
+# Documentation
+README.md
+docs
+
+# Misc
+*.md
+*.log
+.DS_Store
+Thumbs.db
diff --git a/backoffice/Dockerfile b/backoffice/Dockerfile
index 735d4f7..b386aa9 100644
--- a/backoffice/Dockerfile
+++ b/backoffice/Dockerfile
@@ -1,16 +1,60 @@
+# =============================================================================
+# Stage 1: Builder - Install dependencies and build
+# =============================================================================
 FROM node:20-alpine AS builder
+
 WORKDIR /app
+
+# Copy package files first (better layer caching)
 COPY package*.json ./
-RUN npm ci
+
+# Install ALL dependencies (including devDependencies for build)
+RUN npm ci --ignore-scripts
+
+# Copy source code
 COPY . .
+
+# Build the application
 RUN npm run build
 
-FROM node:20-alpine AS production
+# =============================================================================
+# Stage 2: Production dependencies only
+# =============================================================================
+FROM node:20-alpine AS deps
+
 WORKDIR /app
-COPY --from=builder /app/dist ./dist
-COPY --from=builder /app/node_modules ./node_modules
-COPY --from=builder /app/package*.json ./
+
+COPY package*.json ./
+
+# Install ONLY production dependencies (smaller image)
+RUN npm ci --omit=dev --ignore-scripts && npm cache clean --force
+
+# =============================================================================
+# Stage 3: Production - Minimal runtime image
+# =============================================================================
+FROM node:20-alpine AS production
+
+# Add non-root user for security
+RUN addgroup -g 1001 -S nodejs && adduser -S nestjs -u 1001
+
+WORKDIR /app
+
+# Copy only what's needed to run
+COPY --from=deps --chown=nestjs:nodejs /app/node_modules ./node_modules
+COPY --from=builder --chown=nestjs:nodejs /app/dist ./dist
+COPY --from=builder --chown=nestjs:nodejs /app/package.json ./
+
+# Set environment
 ENV NODE_ENV=production
 ENV PORT=3001
+
+# Use non-root user
+USER nestjs
+
 EXPOSE 3001
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD node -e "require('http').get('http://localhost:3001/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))" || exit 1
+
 CMD ["node", "dist/main.js"]