diff --git a/deploy/docker/Dockerfile.server b/deploy/docker/Dockerfile.server
index 4d5c33c..30de39d 100644
--- a/deploy/docker/Dockerfile.server
+++ b/deploy/docker/Dockerfile.server
@@ -1,26 +1,8 @@
-# BetterFrame server — BSB container with built plugins.
+# BetterFrame server — BSB container with plugins installed at
+# /mnt/bsb-plugins/node_modules/@betterframe/server/
 #
-# sec-config.yaml is generated at build time from sec-config.template.yaml
-# via envsubst. Secrets come from Coolify build args (set in UI, not in git).
-#
-# Build args (set in Coolify UI as secrets):
-#   BF_PG_PASSWORD          postgres password
-#   BF_FIRMWARE_SIGNING_KEY Ed25519 PEM for firmware signing
-#   BF_FIRMWARE_IMPORT_API_KEY  CI bearer token
-#   BF_OTA_IMPORT_API_KEY       CI bearer token
-#   BF_MQTT_URL             mqtt://broker:1883 (optional)
-#   BF_MQTT_USERNAME        (optional)
-#   BF_MQTT_PASSWORD        (optional)
-#
-# Non-secret build args (defaults work for standard compose):
-#   BF_DB_DRIVER            postgres|sqlite (default: postgres)
-#   BF_PG_HOST              (default: postgres)
-#   BF_PG_PORT              (default: 5432)
-#   BF_PG_DATABASE          (default: betterframe)
-#   BF_PG_USER              (default: betterframe)
-#   BF_NODERED_URL          (default: http://nodered:1880)
-#   BF_SELF_URL             (default: http://server:18080)
-#   BF_SERVER_VERSION       (default: dev)
+# sec-config.yaml generated at build time from template + build args.
+# Secrets come from Coolify build args (set in UI, not in git).
 
 FROM node:24-trixie-slim AS builder
 
@@ -43,7 +25,6 @@ RUN npm run build
 # ---- Runtime ----
 FROM betterweb/service-base:node
 
-# All config build args — secrets set in Coolify UI, not in git
 ARG BF_SERVER_VERSION=dev
 ARG BF_DB_DRIVER=postgres
 ARG BF_PG_HOST=postgres
@@ -62,17 +43,16 @@ ARG BF_MQTT_USERNAME=
 ARG BF_MQTT_PASSWORD=
 ARG BF_MQTT_TOPIC_PREFIX=betterframe
 
-# Install extras (Alpine base) — run as root before BSB drops privileges
 RUN apk add --no-cache gettext ffmpeg
 
 RUN mkdir -p /var/lib/betterframe && chown 1000:1000 /var/lib/betterframe
 
-# Copy built plugin + deps into BSB workdir
-COPY --from=builder /app/node_modules /home/bsb/node_modules
-COPY --from=builder /app/server/lib /home/bsb/lib
-COPY --from=builder /app/server/bsb-plugin.json /home/bsb/bsb-plugin.json
-COPY --from=builder /app/server/package.json /home/bsb/package.json
-COPY --from=builder /app/tsconfig.base.json /home/bsb/tsconfig.base.json
+# Install plugin at BSB external plugin path
+COPY --from=builder /app/server/package.json /mnt/bsb-plugins/node_modules/@betterframe/server/package.json
+COPY --from=builder /app/server/bsb-plugin.json /mnt/bsb-plugins/node_modules/@betterframe/server/bsb-plugin.json
+COPY --from=builder /app/server/lib /mnt/bsb-plugins/node_modules/@betterframe/server/lib
+COPY --from=builder /app/node_modules /mnt/bsb-plugins/node_modules/@betterframe/server/node_modules
+COPY --from=builder /app/tsconfig.base.json /mnt/bsb-plugins/node_modules/@betterframe/server/tsconfig.base.json
 
 # Generate sec-config.yaml from template + build args
 COPY sec-config.template.yaml /tmp/sec-config.template.yaml
@@ -80,7 +60,6 @@ RUN envsubst < /tmp/sec-config.template.yaml > /home/bsb/sec-config.yaml \
     && chmod 444 /home/bsb/sec-config.yaml \
     && rm /tmp/sec-config.template.yaml
 
-# Bake version
 RUN echo "$BF_SERVER_VERSION" > /home/bsb/.bf-version
 
 ENV NODE_ENV=production