diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..5b671c40
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+README.md
+.gitignore
+bin
+coverage.txt
+*.test
+*.out
+.travis-releases
diff --git a/docker/Dockerfile.step-ca b/docker/Dockerfile.step-ca
index 5d8fdacd..6e902b68 100644
--- a/docker/Dockerfile.step-ca
+++ b/docker/Dockerfile.step-ca
@@ -1,24 +1,27 @@
 FROM golang:alpine AS builder
-RUN mkdir /src
-ADD . /src
+WORKDIR /src
+COPY . .
-RUN apk add --no-cache make git curl && \
- cd /src && \
- make V=1 bin/step-ca
+RUN apk add --no-cache \
+ curl \
+ git \
+ make && \
+ make V=1 bin/step-ca
 FROM smallstep/step-cli:latest
 COPY --from=builder /src/bin/step-ca /usr/local/bin/step-ca
-ENV CONFIGPATH="/home/step/config/ca.json"
-ENV PWDPATH="/home/step/secrets/password"
-
 USER root
 RUN apk add --no-cache libcap && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca
 USER step
+ENV CONFIGPATH="/home/step/config/ca.json"
+ENV PWDPATH="/home/step/secrets/password"
+
 VOLUME ["/home/step"]
 STOPSIGNAL SIGTERM
+HEALTHCHECK CMD curl --cacert /home/step/certs/root_ca.crt -sSf https://localhost/health >/dev/null || exit 1
 CMD exec /bin/sh -c "/usr/local/bin/step-ca --password-file $PWDPATH $CONFIGPATH"
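Review bot: In the new `.dockerignore`, the list covers build outputs only, so everything else in the working tree still enters the build context and, through `COPY . .` in `docker/Dockerfile.step-ca`, the builder layer. For a CA project a developer's checkout may hold locally generated keys, password files or `.env` files; the builder stage is discarded from the final image, but its layers can still land in a shared or exported build cache. Consider adding patterns for such local secret material. If `.git` is deliberately left in the context, a comment such as `# .git is kept: the build reads version information from git metadata` would record that (assuming this is the reason; the Makefile is not shown here).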
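Review bot: The added `HEALTHCHECK` in `docker/Dockerfile.step-ca` depends on `curl` being present in the final image, but the final stage only installs `libcap`; `curl` is added in the builder stage, so unless `smallstep/step-cli` already ships it the container will always be reported unhealthy. The probe also hard-codes `https://localhost/health`, which only verifies if the CA listens on 443 and its certificate carries a `localhost` SAN, neither of which is visible in this diff. Consider probing with the step CLI the base image already provides, e.g. `HEALTHCHECK CMD step ca health 2>/dev/null | grep "^ok" >/dev/null`, which uses the CA URL and root from the step defaults when they are configured. Separately, both `FROM` lines stay on floating tags (`golang:alpine`, `smallstep/step-cli:latest`); pinning them by version or digest is worth doing for an image that handles CA key material.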