diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 0000000..96c1cbe --- /dev/null +++ b/.tool-versions @@ -0,0 +1 @@ +opentofu 1.8.0 diff --git a/Makefile b/Makefile index e46bb27..af69dad 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,8 @@ ECR_ACCOUNT_URL ?= 063932952339.dkr.ecr.us-west-2.amazonaws.com VERSION ?=`git describe` PORT ?= 8080 +TARGET_SERVER ?= sobeck.jdb-software.com + default: serve-docker build: $(SOURCES) @@ -33,3 +35,16 @@ serve-docker: build-image ecr-auth: aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin $(ECR_ACCOUNT_URL) + +publish: + -mkdir deploy + m4 -D "TOCLERBE_VERSION=$(VERSION)" \ + toclerbe.service \ + > deploy/toclerbe.service + -ssh deployer@$(TARGET_SERVER) "docker stop toclerbe.service && sudo systemctl stop toclerbe" + ssh deployer@$(TARGET_SERVER) "aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $(ECR_ACCOUNT_URL) && docker pull $(ECR_ACCOUNT_URL)/toclerbe:$(VERSION)" + scp \ + deploy/toclerbe.service \ + deployer@$(TARGET_SERVER):/etc/systemd/system/toclerbe.service + ssh deployer@$(TARGET_SERVER) "sudo systemctl daemon-reload" + ssh deployer@$(TARGET_SERVER) "sudo systemctl start toclerbe" diff --git a/operations/terraform/ecs.tf b/operations/terraform/ecs.tf deleted file mode 100644 index 7d64942..0000000 --- a/operations/terraform/ecs.tf +++ /dev/null 
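Review bot: In the Makefile's new `publish` target the remote login asks for an ECR token with `--region us-east-1`, while `ECR_ACCOUNT_URL` and the existing `ecr-auth` target both use us-west-2, so the `docker login` on the server will most likely be rejected; use `--region us-west-2` or derive the region from a single variable. The pull names `$(ECR_ACCOUNT_URL)/toclerbe:$(VERSION)`, whereas the unit file added in this commit runs `.../to.cler.be:TOCLERBE_VERSION`, so the image that is pre-pulled is not the one systemd starts. The `scp` straight into `/etc/systemd/system/` only works if `deployer` can write unit files, which together with its sudo rights on `systemctl` makes that SSH key root-equivalent on the host; copying to a staging path and installing through a narrowly scoped sudo rule would limit what a stolen key can do. `-mkdir deploy` would be better as `mkdir -p deploy`, so that real failures are not ignored.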
@@ -1,84 +0,0 @@
-resource "aws_secretsmanager_secret" "toclerbe" {
- name = "${var.app_name}-config"
-}
-
-resource "aws_efs_mount_target" "ortis" {
- file_system_id = data.terraform_remote_state.jdbsoft.outputs.sobeck-efs.id
- subnet_id = data.terraform_remote_state.jdbsoft.outputs.aws_subnet_private2.id
- security_groups = [ data.terraform_remote_state.jdbsoft.outputs.aws_security_group_private_traffic.id ]
-}
-
-
-resource "aws_ecs_task_definition" "toclerbe" {
- family = var.app_name
- network_mode = "bridge"
- requires_compatibilities = ["EC2"]
- execution_role_arn = aws_iam_role.ecs_task.arn
-
- # See https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html
- container_definitions = jsonencode([
- {
- name = var.app_name
- image = "${aws_ecr_repository.toclerbe.repository_url}:${data.external.git_describe.result.version}"
- cpu = 128
- memory = 128
- memoryReservation = 32
- environment = [
- {
- name = "TOCLERBE_PORT"
- value = "80"
- }
- ]
- mountPoints = [
- {
- containerPath = "/data"
- sourceVolume = "efs-toclerbe-data"
- }
- ]
- portMappings = [
- {
- protocol = "tcp"
- containerPort = 80
- }
- ]
- secrets = [
- {
- name = "TOCLERBE_API_KEYS"
- description = "API keys allowed to configure the service.."
- valueFrom = "${aws_secretsmanager_secret.toclerbe.arn}:apiKeys::"
- }
- ]
- }
- ])
-
- volume {
- name = "efs-toclerbe-data"
-
- efs_volume_configuration {
- file_system_id = data.terraform_remote_state.jdbsoft.outputs.sobeck-efs.id
- root_directory = "/toclerbe/data"
- }
- }
-
- tags = {
- Name = var.app_domain
- }
-}
-
-resource "aws_ecs_service" "toclerbe" {
- name = var.app_name
- cluster = data.terraform_remote_state.jdbsoft.outputs.aws_ecs_cluster_ortis.id
- task_definition = aws_ecs_task_definition.toclerbe.arn
- desired_count = 1
- launch_type = "EC2"
-
- load_balancer {
- target_group_arn = aws_lb_target_group.toclerbe.arn
- container_name = var.app_name
- container_port = 80
- }
-
- tags = {
- Name = var.app_domain
- }
-}
diff --git a/operations/terraform/iam.tf b/operations/terraform/iam.tf
deleted file mode 100644
index f66eaee..0000000
--- a/operations/terraform/iam.tf
+++ /dev/null
@@ -1,68 +0,0 @@
-resource "aws_iam_role" "ecs_task" {
- name = "${var.app_name}-EcsTaskRole"
-
- assume_role_policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Action = "sts:AssumeRole"
- Effect = "Allow"
- Sid = ""
- Principal = {
- Service = "ecs-tasks.amazonaws.com"
- }
- }
- ]
- })
-
- inline_policy {
- name = "AllowSecretsAccessFor${var.app_name}Tasks"
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Effect = "Allow"
- Action = [
- "secretsmanager:GetSecretValue",
- "kms:Decrypt"
- ]
- Resource = [
- aws_secretsmanager_secret.toclerbe.arn
- ]
- }
- ]
- })
- }
-
- inline_policy {
- name = "AllowAccessToEcrFor${var.app_name}Tasks"
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Effect = "Allow"
- Action = [
- "ecr:GetAuthorizationToken"
- ]
- Resource = [ "*" ]
- },
- {
- Effect = "Allow"
- Action = [
- "ecr:BatchGetImage",
- "ecr:BatchCheckLayerAvailability",
- "ecr:DescribeImages",
- "ecr:GetDownloadUrlForLayer"
- ]
- Resource = [
- aws_ecr_repository.toclerbe.arn
- ]
- }
- ]
- })
- }
-
- tags = {
- Name = "${var.app_name}-EcsTaskRole"
- }
-}
diff --git a/operations/terraform/load-balancer.tf b/operations/terraform/load-balancer.tf
index db53e2f..185bbe9 100644
--- a/operations/terraform/load-balancer.tf
+++ b/operations/terraform/load-balancer.tf
@@ -44,3 +44,9 @@ resource "aws_lb_listener_certificate" "toclerbe" {
 listener_arn = data.terraform_remote_state.jdbsoft.outputs.aws_lb_listener_https.arn
 certificate_arn = aws_acm_certificate.clerbe.arn
 }
+
+resource "aws_lb_target_group_attachment" "toclerbe" {
+ target_group_arn = aws_lb_target_group.toclerbe.arn
+ target_id = data.terraform_remote_state.jdbsoft.outputs.sobeck-instance-id
+ port = 6001
+}
diff --git a/prod.env b/prod.env
new file mode 100644
index 0000000..45bcea1
--- /dev/null
+++ b/prod.env
@@ -0,0 +1,2 @@
+TOCLERBE_PORT=80
+TOCLERBE_API_KEYS=CHANGEME
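Review bot: In load-balancer.tf the literal `port = 6001` on the new `aws_lb_target_group_attachment` has to stay equal to the host port published by `-p 6001:80` in toclerbe.service, and nothing in either file says so; a comment such as `# host port published by toclerbe.service (docker run -p 6001:80)` above the attribute would keep the two from drifting. The instance's security group is not part of this diff, so it is worth confirming that 6001 is reachable only from the load balancer, since the unit publishes the container port without a bind address.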
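Review bot: `TOCLERBE_API_KEYS=CHANGEME` in prod.env ships a working, guessable default: server-setup.sh copies this file to `/etc/to.cler.be/prod.env` and relies on a manual `vim` step to replace the value, so a skipped edit leaves the service accepting `CHANGEME` as an API key. Committing the file under its production name also makes it easy to commit real keys later. Consider renaming it to `prod.env.example`, leaving the value empty (`TOCLERBE_API_KEYS=`) provided the service rejects an empty key list, and ignoring `prod.env` in git. The removed ecs.tf sourced this value from Secrets Manager, so the key now lives in a plaintext file on the host and depends on that file's permissions.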
diff --git a/server-setup.sh b/server-setup.sh
new file mode 100644
index 0000000..37965b2
--- /dev/null
+++ b/server-setup.sh
@@ -0,0 +1,16 @@
+# From dev machine
+cd ~/projects/to.cler.be
+scp prod.env sobeck.jdb-software.com:~/temp/to.cler.be.prod.env
+scp to.cler.be.service sobeck.jdb-software.com:~/temp/to.cler.be.service
+
+# SSH into sobeck
+sudo mkdir /etc/to.cler.be
+sudo mv temp/to.cler.be.prod.env /etc/to.cler.be/prod.env
+sudo mv temp/toclerbe.service /etc/systemd/system/toclerbe.service
+sudo chown root:root /etc/to.cler.be/*
+
+sudo vim /etc/to.cler.be/prod.env # add value for API keys, etc.
+
+sudo systemctl daemon-reload
+sudo systemctl enable toclerbe
+sudo systemctl start toclerbe
diff --git a/toclerbe.service b/toclerbe.service
new file mode 100644
index 0000000..00682d5
--- /dev/null
+++ b/toclerbe.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=to.cler.be URL shortener
+After=network-online.target
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker exec %n stop
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --rm -p 6001:80 --name %n \
+ --env-file /etc/to.cler.be/prod.env \
+ -v /efs/toclerbe/data:/data \
+ 063932952339.dkr.ecr.us-west-2.amazonaws.com/to.cler.be:TOCLERBE_VERSION
+ExecStop=/usr/bin/docker stop --name %n
+
+[Install]
+WantedBy=default.target
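Review bot: In server-setup.sh the env file that will hold the API keys is only `chown`ed to root and never `chmod`ed, so it keeps the mode `scp` gave it (commonly world-readable); add `sudo chmod 600 /etc/to.cler.be/prod.env` after the `chown`. The unit file is uploaded as `~/temp/to.cler.be.service` but moved from `temp/toclerbe.service`, and the file in the repository is `toclerbe.service`, so the `scp` and `mv` lines cannot both succeed as written. The file also mixes commands for the dev machine and for the server and has no shebang; if it is meant as a runbook rather than a script, a header comment saying so would stop someone from executing it as-is.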
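Review bot: In toclerbe.service, `ExecStop=/usr/bin/docker stop --name %n` will fail because `docker stop` takes the container name as a positional argument and has no `--name` option, and `ExecStartPre=-/usr/bin/docker exec %n stop` runs a program called `stop` inside the container rather than stopping it. Suggested lines are `ExecStartPre=-/usr/bin/docker stop %n` and `ExecStop=/usr/bin/docker stop %n`. `Requires=docker.service` does not order the unit, so `After=network-online.target docker.service` is needed to avoid starting before the daemon is up. The image path here uses the repository `to.cler.be` while the Makefile's `publish` target pulls `toclerbe`; one of the two is presumably wrong.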