diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 7963f696..c320f097 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -49,7 +49,6 @@ jobs: python -m pip install -r development.txt sudo yarn install --non-interactive sudo yarn global add prettier@1.17.0 - sudo python3.6 -m pip install black==19.3b0 - name: Lint run: make lint diff --git a/Dockerfile b/Dockerfile index 0d0553ff..dfb097b9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,33 +1,37 @@ -FROM python:3.7-alpine +FROM python:3.7-slim-buster WORKDIR /opt/CTFd RUN mkdir -p /opt/CTFd /var/log/CTFd /var/uploads -RUN apk update && \ - apk add --no-cache \ - python \ +# hadolint ignore=DL3008 +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + build-essential \ + default-mysql-client \ python-dev \ - linux-headers \ libffi-dev \ - gcc \ - make \ - musl-dev \ - py-pip \ - mysql-client \ - git \ - openssl-dev + libssl-dev \ + git\ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* COPY . /opt/CTFd RUN pip install -r requirements.txt --no-cache-dir +# hadolint ignore=SC2086 RUN for d in CTFd/plugins/*; do \ if [ -f "$d/requirements.txt" ]; then \ pip install -r $d/requirements.txt --no-cache-dir; \ fi; \ done; -RUN chmod +x /opt/CTFd/docker-entrypoint.sh -RUN adduser -D -u 1001 -s /bin/sh ctfd -RUN chown -R 1001:1001 /opt/CTFd /var/log/CTFd /var/uploads +RUN adduser \ + --disabled-login \ + -u 1001 \ + --gecos "" \ + --shell /bin/bash \ + ctfd +RUN chmod +x /opt/CTFd/docker-entrypoint.sh \ + && chown -R 1001:1001 /opt/CTFd /var/log/CTFd /var/uploads USER 1001 EXPOSE 8000 diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index c2ff1aff..61d71e42 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh 
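Review bot: The rewritten final `RUN` still hands all of `/opt/CTFd` to uid 1001, so the account the server runs as can rewrite the application code and `docker-entrypoint.sh`. Only `/var/log/CTFd` and `/var/uploads` clearly need to be writable; if the app also writes inside `/opt/CTFd` (not visible in this hunk), those paths can be chowned individually, e.g. `&& chown -R 1001:1001 /var/log/CTFd /var/uploads`. The new `# hadolint ignore=SC2086` hides an unquoted expansion that is a small fix: `pip install -r "$d/requirements.txt" --no-cache-dir; \`. `build-essential`, `git` and the `-dev` packages also stay in the runtime image, where a separate build stage would keep the compiler out of it. On buster, `python-dev` is, as far as I know, the Python 2 headers package rather than anything the `python:3.7` interpreter uses.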
@@ -1,11 +1,13 @@ -#!/bin/sh -set -eo pipefail +#!/bin/bash +set -euo pipefail WORKERS=${WORKERS:-1} WORKER_CLASS=${WORKER_CLASS:-gevent} ACCESS_LOG=${ACCESS_LOG:--} ERROR_LOG=${ERROR_LOG:--} WORKER_TEMP_DIR=${WORKER_TEMP_DIR:-/dev/shm} +SECRET_KEY=${SECRET_KEY:-} +DATABASE_URL=${DATABASE_URL:-} # Check that a .ctfd_secret_key file or SECRET_KEY envvar is set if [ ! -f .ctfd_secret_key ] && [ -z "$SECRET_KEY" ]; then
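Review bot: The two empty defaults `SECRET_KEY=${SECRET_KEY:-}` and `DATABASE_URL=${DATABASE_URL:-}` appear to exist only so that the later tests do not abort under the newly added `set -u`. A one-line comment above them would say so, e.g. `# Default to empty so set -u does not abort when these are unset`. The `if` that starts on the last line and the rest of the script lie outside the hunk. Any other variable expanded there without a `${VAR:-}` default would now stop the container at start-up, which is worth checking before merge.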