diff --git a/openvoxserver/Containerfile b/openvoxserver/Containerfile
index 6153ef3..e97ed9a 100644
--- a/openvoxserver/Containerfile
+++ b/openvoxserver/Containerfile
@@ -68,6 +68,7 @@ ENV OPENVOXSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
     OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API=true \
     ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
     HIERACONFIG='$confdir/hiera.yaml' \
+    HOME=/home/puppet \
     CSR_ATTRIBUTES='{}'
 
 COPY docker-entrypoint.sh \
@@ -114,6 +115,27 @@ COPY conf.d/puppetserver.conf \
 
 COPY puppetdb.conf /var/tmp/puppet/
 
+RUN chown -R puppet /etc/puppetlabs/puppetserver && \
+        chown -R puppet:puppet /var/tmp/puppet && \
+        chown -R puppet:puppet /opt/puppetlabs && \
+        chown -R puppet:puppet /usr/local/bin && \
+        chown -R puppet:puppet /var/lib/gems && \
+        chown -R puppet:puppet /etc/puppetlabs && \
+        chown -R puppet:puppet /var/tmp/puppetserver && \
+        chown -R puppet:puppet /etc/default && \
+        chown -R puppet:puppet /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d
+
+USER puppet
+
+RUN mkdir -p /home/puppet/.puppetlabs && \
+        ln -s /etc/puppetlabs /home/puppet/.puppetlabs/etc && \
+        ln -s /opt/puppetlabs /home/puppet/.puppetlabs/opt
+
+#We need to tell puppet to use the default installation for the non-root user.
+RUN echo 'confdir = /etc/puppetlabs/puppet' >> /etc/puppetlabs/puppet/puppet.conf && \
+	puppet config set cadir /etc/puppetlabs/puppetserver/ca/
+
+WORKDIR /home/puppet
 # k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK
 HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"]
 
diff --git a/openvoxserver/Containerfile.debian b/openvoxserver/Containerfile.debian
new file mode 100644
index 0000000..d7f1733
--- /dev/null
+++ b/openvoxserver/Containerfile.debian
@@ -0,0 +1,147 @@
+ARG UBUNTU_VERSION=24.04
+ARG DEBIAN_VERSION=12
+FROM ubuntu:${UBUNTU_VERSION} AS builder
+
+ARG BUILD_PKGS="ruby3.2-dev gcc make cmake pkg-config libssl-dev libc6-dev libssh2-1-dev"
+ARG R10K_VERSION=5.0.0
+ARG RUGGED_VERSION=1.9.0
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends $BUILD_PKGS && \
+    gem install --no-doc r10k -v $R10K_VERSION && \
+    gem install --no-doc rugged -v $RUGGED_VERSION -- --with-ssh
+
+FROM debian:${DEBIAN_VERSION} AS final
+
+ARG vcs_ref
+ARG build_type
+ARG build_date
+ARG PACKAGES="git netbase openjdk-17-jre-headless openssh-client libssh2-1 dumb-init net-tools adduser"
+ARG TARGETARCH
+ARG OPENVOX_RELEASE=8
+ARG OPENVOXSERVER_VERSION=8.8.0
+ARG OPENVOXAGENT_VERSION=8.11.0
+ARG OPENVOXDB_VERSION=8.9.0
+ARG OPENVOX_USER_UID=999
+ARG OPENVOX_USER_GID=999
+ARG UBUNTU_VERSION=24.04
+ARG DEBIAN_VERSION=12
+
+LABEL org.label-schema.maintainer="Voxpupuli Team <voxpupuli@groups.io>" \
+      org.label-schema.vendor="OpenVoxProject" \
+      org.label-schema.url="https://github.com/OpenVoxProject/container-openvoxserver" \
+      org.label-schema.vcs-url="https://github.com/OpenVoxProject/container-openvoxserver" \
+      org.label-schema.schema-version="1.0" \
+      org.label-schema.dockerfile="/Containerfile" \
+      org.label-schema.name="OpenVox Server ($build_type)" \
+      org.label-schema.version="$OPENVOXSERVER_VERSION" \
+      org.label-schema.vcs-ref="$vcs_ref" \
+      org.label-schema.build-date="$build_date"
+
+ENV OPENVOXSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
+    PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \
+    SSLDIR=/etc/puppetlabs/puppet/ssl \
+    LOGDIR=/var/log/puppetlabs/puppetserver \
+    OPENVOXSERVER_HOSTNAME="" \
+    CERTNAME="" \
+    DNS_ALT_NAMES="" \
+    OPENVOXSERVER_PORT=8140 \
+    AUTOSIGN=true \
+    OPENVOXSERVER_MAX_ACTIVE_INSTANCES=1 \
+    OPENVOXSERVER_MAX_REQUESTS_PER_INSTANCE=0 \
+    CA_ENABLED=true \
+    CA_TTL=157680000 \
+    CA_HOSTNAME=puppet \
+    CA_PORT=8140 \
+    CA_ALLOW_SUBJECT_ALT_NAMES=false \
+    INTERMEDIATE_CA=false \
+    INTERMEDIATE_CA_BUNDLE=/etc/puppetlabs/intermediate/ca.pem \
+    INTERMEDIATE_CRL_CHAIN=/etc/puppetlabs/intermediate/crl.pem \
+    INTERMEDIATE_CA_KEY=/etc/puppetlabs/intermediate/key.pem \
+    USE_OPENVOXDB=true \
+    OPENVOXDB_SERVER_URLS=https://openvoxdb:8081 \
+    OPENVOX_STORECONFIGS_BACKEND="puppetdb" \
+    OPENVOX_STORECONFIGS=true \
+    OPENVOX_REPORTS="puppetdb" \
+    OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED=false \
+    OPENVOXSERVER_GRAPHITE_PORT=9109 \
+    OPENVOXSERVER_GRAPHITE_HOST=exporter \
+    OPENVOXSERVER_ENVIRONMENT_TIMEOUT=unlimited \
+    OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API=true \
+    ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
+    HIERACONFIG='$confdir/hiera.yaml' \
+    HOME=/home/puppet \
+    CSR_ATTRIBUTES='{}'
+
+COPY docker-entrypoint.sh \
+     healthcheck.sh \
+     Containerfile \
+     /
+
+COPY docker-entrypoint.d /docker-entrypoint.d
+COPY --from=builder /var/lib/gems/ /var/lib/gems/
+COPY --from=builder /usr/local/bin/r10k /usr/local/bin/
+
+#ADD https://apt.overlookinfratech.com/openvox${OPENVOX_RELEASE}-release-ubuntu${UBUNTU_VERSION}.deb /
+ADD https://apt.overlookinfratech.com/openvox${OPENVOX_RELEASE}-release-debian${DEBIAN_VERSION}.deb /
+RUN apt update && apt install -y ca-certificates && \
+	dpkg -i /openvox${OPENVOX_RELEASE}-release-debian${DEBIAN_VERSION}.deb && \
+	rm -f /openvox${OPENVOX_RELEASE}-release-debian${DEBIAN_VERSION}.deb
+
+RUN groupadd -g ${OPENVOX_USER_GID} puppet && \
+    useradd -m -u ${OPENVOX_USER_UID} -g puppet puppet && \
+    chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \
+    apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install -y $PACKAGES && \
+    apt-get install -y openvox-agent=${OPENVOXAGENT_VERSION}-1+debian${DEBIAN_VERSION} && \
+    apt-get install -y openvox-server=${OPENVOXSERVER_VERSION}-1+debian${DEBIAN_VERSION} && \
+    apt-get install -y openvoxdb-termini=${OPENVOXDB_VERSION}-1+debian${DEBIAN_VERSION} && \
+    apt-get autoremove -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    cp -pr /etc/puppetlabs/puppet /var/tmp && \
+    cp -pr /opt/puppetlabs/server/data/puppetserver /var/tmp && \
+    rm -rf /var/tmp/puppet/ssl
+
+# needs to be copied after package installation
+COPY puppetserver /etc/default/puppetserver
+
+COPY logback.xml \
+     request-logging.xml \
+     /etc/puppetlabs/puppetserver/
+
+COPY conf.d/puppetserver.conf \
+     conf.d/product.conf \
+     /etc/puppetlabs/puppetserver/conf.d/
+
+COPY puppetdb.conf /var/tmp/puppet/
+
+RUN chown -R puppet /etc/puppetlabs/puppetserver && \
+        chown -R puppet:puppet /var/tmp/puppet && \
+        chown -R puppet:puppet /opt/puppetlabs && \
+        chown -R puppet:puppet /usr/local/bin && \
+        chown -R puppet:puppet /var/lib/gems && \
+        chown -R puppet:puppet /etc/puppetlabs && \
+        chown -R puppet:puppet /var/tmp/puppetserver && \
+        chown -R puppet:puppet /etc/default && \
+        chown -R puppet:puppet /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d
+
+USER puppet
+
+RUN mkdir -p /home/puppet/.puppetlabs && \
+        ln -s /etc/puppetlabs /home/puppet/.puppetlabs/etc && \
+        ln -s /opt/puppetlabs /home/puppet/.puppetlabs/opt
+
+RUN echo 'confdir = /etc/puppetlabs/puppet' >> /etc/puppetlabs/puppet/puppet.conf && \
+	puppet config set cadir /etc/puppetlabs/puppetserver/ca/
+WORKDIR /home/puppet
+
+# k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK
+HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"]
+
+# NOTE: this is just documentation on defaults
+EXPOSE 8140
+
+ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]
+CMD ["foreground"]