diff --git a/Dockerfile b/Dockerfile
index 405d99f146d9b01a5dc6c336b89a711df86b65bb..3726769da73dfa2ce275d5bb8adc944cd6777978 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,29 @@
-FROM debian:testing
+FROM pandoc/latex
 
-RUN apt-get update -y
-RUN apt-get install -y pandoc texlive-full make nodejs npm
-RUN npm install --global mermaid-filter
+RUN apk add --no-cache \
+    make \
+    nodejs \
+    npm
+
+RUN npm install mermaid-filter
+
+ENV PATH=${PATH}:/data/node_modules/.bin
+
+RUN tlmgr install textpos
+
+ARG GID=1000
+ARG UID=1000
+
+# Add user so we don't need --no-sandbox.
+RUN addgroup -S pptruser -g $GID && adduser -S -G pptruser -u $UID pptruser \
+    && mkdir -p /home/pptruser \
+    && chown -R pptruser:pptruser /home/pptruser \
+    && chown -R pptruser:pptruser /data \
+    && chmod o+w /opt/texlive/texdir/texmf-var
+
+# Run everything after as non-privileged user.
+USER pptruser
+WORKDIR /home/pptruser
+COPY puppeteerConfigFile.json /home/pptruser/.puppeteer.json
+
+ENTRYPOINT /bin/sh
diff --git a/puppeteerConfigFile.json b/puppeteerConfigFile.json
new file mode 100644
index 0000000000000000000000000000000000000000..7efcdaf8a8c796b9b6bc2af03b45c0e20e34f254
--- /dev/null
+++ b/puppeteerConfigFile.json
@@ -0,0 +1,7 @@
+{
+  "args": [
+    "--no-sandbox",
+    "--disable-setuid-sandbox",
+    "--disable-dev-shm-usage"
+  ],
+}