diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..45b713d
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,60 @@
+name: Publish Image
+
+on: 
+  release:
+    types: [published]
+
+# Ensure only the most recent workflow runs.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  publish_to_ghcr:
+    name: Publish image to ghcr.io
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out
+        uses: actions/checkout@v3
+
+      - name: Lowercase repo owner
+        id: lowercase_repo_owner
+        uses: ASzc/change-string-case-action@v1
+        with:
+          string: ${{ github.repository_owner }}
+
+      - name: Setup Image Metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ghcr.io/${{ steps.lowercase_repo_owner.outputs.lowercase }}/agent-tunnel
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      - name: Log in to the GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build and Push to Docker ghcr.io
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          file: Dockerfile
+          context: .
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
index fad6415..b1c5807 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +1,18 @@
-FROM node:17.0.1-alpine3.14 AS base
+FROM node:20.10.0-bullseye-slim AS base
 WORKDIR /app
-RUN apk update && apk add yarn
+RUN apt-get update && apt-get install -y yarn && apt-get clean
 COPY package.json ./
 COPY yarn.lock ./
 ENV NODE_ENV production
 RUN yarn install --production=true
 
-FROM node:17.0.1-alpine3.14
+FROM node:20.10.0-bullseye-slim
 LABEL author="Daniel Bluhm <dbluhm@pm.me>"
 LABEL description="Wrapper around localtunnel providing URL retrieval over HTTP"
 WORKDIR /app
 
 COPY --from=base /app/node_modules /app/node_modules
-RUN apk update --no-cache && apk add dumb-init
+RUN apt-get update && apt-get install dumb-init
 USER node
 COPY wait.sh /wait.sh
 COPY --chown=node:node index.js ./
diff --git a/index.js b/index.js
index 289b43b..39ad456 100644
--- a/index.js
+++ b/index.js
@@ -1,5 +1,5 @@
 const express = require('express')
-const localtunnel = require('localtunnel')
+const localtunnel = require('@security-patched/localtunnel')
 const morgan = require('morgan')
 const { exit } = require('yargs')
 const yargs = require('yargs')
diff --git a/package.json b/package.json
index 98ce25e..892cf6b 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,8 @@
     "husky": "^7.0.0"
   },
   "scripts": {
-    "prepare": "husky install"
+    "prepare": "husky install",
+    "start": "node index.js"
   },
   "husky": {
     "hooks": {