diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..bb61346
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,31 @@
+FROM rust:1.75-alpine AS builder
+WORKDIR /app
+
+# Dépendances de build
+RUN apk add --no-cache musl-dev openssl-dev pkgconfig
+
+# Préparer le cache
+COPY Cargo.toml Cargo.lock ./
+COPY src ./src
+
+# Build en release
+RUN cargo build --release
+
+# Image runtime minimale
+FROM alpine:3.19 AS runtime
+WORKDIR /home/bitcoin
+
+# Utilisateur non-root
+RUN adduser -D relay && \
+    mkdir -p /home/bitcoin/.4nk && chown -R relay:relay /home/bitcoin
+
+# Copier le binaire
+COPY --from=builder /app/target/release/sdk_relay /usr/local/bin/sdk_relay
+
+EXPOSE 8090 8091
+USER relay
+
+# Le service lit la conf depuis "/home/bitcoin/.conf" (montée par docker-compose)
+CMD ["/usr/local/bin/sdk_relay"]
+
+