diff --git a/Dockerfile b/Dockerfile
index 89c78516fcfeb5340fcb7aa33a2501f9f8327811..2e70ed7d6962afa38776d29176c2e06a3f814dcc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,10 +11,14 @@ WORKDIR /app
 
 COPY poetry.lock pyproject.toml /app/
 
-RUN apt-get update && apt-get install -y curl gcc graphviz ldap-utils libldap2-dev libmagic1 libsasl2-dev make
-RUN python -m venv ${POETRY_HOME}
-RUN pip install poetry==1.7.0
-RUN poetry install
+RUN apt-get update && \
+  apt-get install --yes --no-install-recommends curl gcc graphviz ldap-utils libldap2-dev \
+    libmagic1 libsasl2-dev make && \
+  python -m venv ${POETRY_HOME} && \
+  pip install --no-cache-dir poetry==1.7.1 && \
+  poetry install && \
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists/*
 
 EXPOSE 8000
 
@@ -24,25 +28,23 @@ COPY . .
 
 VOLUME ["/app"]
 
-# run with Django's development server
+# run with Django’s development server
 CMD ["run.dev"]
 
 FROM base AS prod
 
 COPY . .
 
-RUN adduser --home /app --no-create-home --system --uid ${AURA_UID} --group app
-RUN mkdir -p /app/logs
-# static/admin and site_media are named volumes which we use across multiple
-# containers. We therefore create them here and set the permissions right away
-# since named volumes otherwise create these directories themself as the root 
-# user.
-RUN mkdir -p /app/static/admin
-RUN mkdir -p /app/site_media
-# set permissions
-RUN chown -R app:app /app
+RUN adduser --home /app --no-create-home --system --uid ${AURA_UID} --group app && \
+  # static and site_media are named volumes which we use across multiple
+  # containers. We therefore create them here and set the permissions right away
+  # since named volumes otherwise create these directories themself as the root
+  # user.
+  mkdir -p /app/{logs,static,site_media} && \
+  chown -R app:app /app
 
 USER app
+
 # run with gunicorn
 CMD ["run.prod"]