diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 449fa6c..7280ff4 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -19,8 +19,10 @@ jobs:
         env:
           TOKEN: ${{ github.token }}
           REF: ${{ github.ref }}
+          GIT_SSL_NO_VERIFY: "true"
         run: |
           git init
+          git remote remove origin 2>/dev/null || true
           git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
           git config http.extraheader "Authorization: Bearer ${TOKEN}"
           git fetch --depth=1 origin "${REF}"
@@ -28,8 +30,10 @@ jobs:
 
       - name: Docker Build Test
         env:
+          NODE_IMAGE: mirror.soroushasadi.com/repository/docker-group/node:20-slim
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
           docker build \
+            --build-arg NODE_IMAGE="$NODE_IMAGE" \
             --build-arg NPM_TOKEN="$NPM_TOKEN" \
             -t soroushasadi-site:test .
\ No newline at end of file
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 17b13e6..350b427 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -19,6 +19,7 @@ jobs:
         env:
           TOKEN: ${{ github.token }}
           REF: ${{ github.ref }}
+          GIT_SSL_NO_VERIFY: "true"
         run: |
           git init
           git remote remove origin 2>/dev/null || true
@@ -39,6 +40,8 @@ jobs:
           EOF
 
       - name: Build Container
+        env:
+          NODE_IMAGE: mirror.soroushasadi.com/repository/docker-group/node:20-slim
         run: |
           docker compose build
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 5d8ecc3..afcf3e0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,13 +1,12 @@
+name: soroushasadi
+
 services:
   web:
     build:
       context: .
       dockerfile: Dockerfile
       args:
-        # Pull the base image through the Nexus docker-group proxy. Override per
-        # environment, e.g. NODE_IMAGE=node:20-slim docker compose build.
-        NODE_IMAGE: node:20-slim
-        # Optional Nexus npm-group token, consumed only by the deps stage.
+        NODE_IMAGE: ${NODE_IMAGE:-mirror.soroushasadi.com/repository/docker-group/node:20-slim}
         NPM_TOKEN: ${NPM_TOKEN:-}
     image: soroushasadi-site:latest
     container_name: soroushasadi-site
@@ -17,21 +16,20 @@ services:
     environment:
       NODE_ENV: production
       DATA_DIR: /data
-      # Set these in a sibling .env file (NOT committed) or your host env.
       ADMIN_PASSWORD: ${ADMIN_PASSWORD:?set ADMIN_PASSWORD}
       ADMIN_SESSION_SECRET: ${ADMIN_SESSION_SECRET:?set ADMIN_SESSION_SECRET}
       RESEND_API_KEY: ${RESEND_API_KEY:-}
       CONTACT_INBOX: ${CONTACT_INBOX:-}
       CONTACT_FROM: ${CONTACT_FROM:-}
     volumes:
-      # SQLite content DB + uploaded media persist across rebuilds.
       - cms-data:/data
     healthcheck:
-      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000"]
+      test: ["CMD", "node", "-e",
+        "fetch('http://127.0.0.1:3000/').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
       interval: 30s
-      timeout: 5s
+      timeout: 10s
       retries: 3
-      start_period: 20s
+      start_period: 30s
 
 volumes:
   cms-data: