diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 94c3ffb..b1d88d3 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,7 +12,7 @@ updates:
     schedule:
       interval: "weekly"
 
-  # Dependencies listed in Dockerfile
+  # Dependencies listed in Dockerfile.ovpn-admin
   - package-ecosystem: "docker"
     directory: "/"
     schedule:
diff --git a/.github/workflows/publish-latest.yaml b/.github/workflows/publish-latest.yaml
index ad1f8e4..2596741 100644
--- a/.github/workflows/publish-latest.yaml
+++ b/.github/workflows/publish-latest.yaml
@@ -24,12 +24,12 @@ jobs:
         with:
           tags: flant/ovpn-admin:openvpn-latest
           platforms: linux/amd64,linux/arm64,linux/arm
-          file:  Dockerfile.openvpn
+          file: Dockerfile.ovpn-admin
           push: true
       - name: Push ovpn-admin image to Docker Hub
         uses: docker/build-push-action@v4
         with:
           tags: flant/ovpn-admin:latest
           platforms: linux/amd64,linux/arm64,linux/arm
-          file: Dockerfile
-          push: true
\ No newline at end of file
+          file: Dockerfile.openvpn
+          push: true
diff --git a/.github/workflows/publish-tag.yaml b/.github/workflows/publish-tag.yaml
index 06bdaef..f02f0f4 100644
--- a/.github/workflows/publish-tag.yaml
+++ b/.github/workflows/publish-tag.yaml
@@ -1,4 +1,4 @@
-name: Build and publish tags to Docker Hub (tags only)
+name: Build and publish tags to ghcr.io
 on:
   push:
     tags:
@@ -8,32 +8,65 @@ jobs:
   build:
     name: build images for tag
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - dockerfile: ./Dockerfile.ovpn-admin
+          image: ovpn-admin
+        - dockerfile: ./Dockerfile.openvpn
+          image: openvpn
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
+
       - name: Get the version
         id: get_version
         run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3.3.0
         with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_PASS }}
-      - name: Push openvpn image to Docker Hub
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.DECKHOUSE_REGISTRY_USER }}
+          password: ${{ secrets.DECKHOUSE_REGISTRY_PASSWORD }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5.6.1
+        with:
+          images: ghcr.io/${{ github.repository }}/${{ matrix.image }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6.10.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            TAG=${{ github.ref_name }}
+
+      - name: Push Image
         uses: docker/build-push-action@v4
         with:
-          tags: flant/ovpn-admin:openvpn-${{ steps.get_version.outputs.VERSION }}
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            TAG=${{ github.ref_name }}
           platforms: linux/amd64,linux/arm64,linux/arm
-          file: Dockerfile.openvpn
-          push: true
-      - name: Push ovpn-admin image to Docker Hub
-        uses: docker/build-push-action@v4
-        with:
-          tags: flant/ovpn-admin:${{ steps.get_version.outputs.VERSION }}
-          platforms: linux/amd64,linux/arm64,linux/arm
-          file: Dockerfile
-          push: true
\ No newline at end of file
+          file: ${{ matrix.dockerfile }}
diff --git a/Dockerfile b/Dockerfile.ovpn-admin
similarity index 96%
rename from Dockerfile
rename to Dockerfile.ovpn-admin
index aac416c..87ddf27 100644
--- a/Dockerfile
+++ b/Dockerfile.ovpn-admin
@@ -1,11 +1,11 @@
 FROM node:16-alpine3.15 AS frontend-builder
-COPY frontend/ /app
+COPY ../frontend /app
 RUN apk add --update python3 make g++ && cd /app && npm install && npm run build
 
 FROM golang:1.17.3-buster AS backend-builder
 RUN go install github.com/gobuffalo/packr/v2/packr2@latest
 COPY --from=frontend-builder /app/static /app/frontend/static
-COPY . /app
+COPY .. /app
 ARG TARGETARCH
 RUN cd /app && packr2 && env CGO_ENABLED=1 GOOS=linux GOARCH=${TARGETARCH} go build -a -tags netgo -ldflags '-linkmode external -extldflags -static -s -w' -o ovpn-admin && packr2 clean
 
diff --git a/werf.yaml b/werf.yaml
index 0ce7199..1a051b6 100644
--- a/werf.yaml
+++ b/werf.yaml
@@ -1,10 +1,10 @@
 project: ovpn-admin
 configVersion: 1
-
 ---
 image: ovpn-admin
-dockerfile: Dockerfile
-
+dockerfile: Dockerfile.ovpn-admin
+context: .
 ---
 image: openvpn
 dockerfile: Dockerfile.openvpn
+context: .