diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 971c0db..46f4e2d 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -3,7 +3,7 @@ name: Build and Deploy Thoughts
 on:
   push:
     branches:
-      - main
+      - master
   workflow_dispatch:
 
 jobs:
diff --git a/compose.prod.yml b/compose.prod.yml
new file mode 100644
index 0000000..c2b17f1
--- /dev/null
+++ b/compose.prod.yml
@@ -0,0 +1,83 @@
+services:
+  database:
+    image: postgres:15-alpine
+    container_name: thoughts-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - internal
+
+  backend:
+    container_name: thoughts-backend
+    build:
+      context: ./thoughts-backend
+      dockerfile: Dockerfile
+    restart: unless-stopped
+    environment:
+      - RUST_LOG=info
+      - RUST_BACKTRACE=1
+      - DATABASE_URL=DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/${POSTGRES_DB}
+      - HOST=0.0.0.0
+      - PORT=8000
+      - PREFORK=1
+      - AUTH_SECRET=${AUTH_SECRET}
+      - BASE_URL=https://thoughts.gabrielkaszewski.dev
+    depends_on:
+      database:
+        condition: service_healthy
+    networks:
+      - internal
+
+  frontend:
+    container_name: thoughts-frontend
+    build:
+      context: ./thoughts-frontend
+      dockerfile: Dockerfile
+      args:
+        NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL}
+    restart: unless-stopped
+    depends_on:
+      - backend
+    environment:
+      - NEXT_PUBLIC_SERVER_SIDE_API_URL=http://proxy/api
+    networks:
+      - internal
+
+  proxy:
+    container_name: thoughts-proxy
+    image: nginx:stable-alpine
+    restart: unless-stopped
+    volumes:
+      - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
+    depends_on:
+      - frontend
+      - backend
+    networks:
+      - internal
+      - traefik
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.thoughts.rule=Host(`thoughts.gabrielkaszewski.dev`)"
+      - "traefik.http.routers.thoughts.entrypoints=web,websecure"
+      - "traefik.http.routers.thoughts.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.thoughts.service=thoughts"
+      - "traefik.http.services.thoughts.loadbalancer.server.port=80"
+
+volumes:
+  postgres_data:
+    driver: local
+networks:
+  traefik:
+    external: true
+  internal:
+    driver: bridge