diff --git a/pica-codimd/Dockerfile b/pica-codimd/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..c7d9fdccce767d6c04fb58c211595e830e8664c1
--- /dev/null
+++ b/pica-codimd/Dockerfile
@@ -0,0 +1,43 @@
+FROM node:10.22.1-alpine3.11 as BUILD
+
+ENV VERSION=2.2.0
+
+RUN apk add --no-cache --virtual .gyp libressl-dev git bash python make && \
+wget https://github.com/hackmdio/codimd/archive/$VERSION.tar.gz && \
+tar xzf $VERSION.tar.gz -C /opt && \
+mv /opt/codimd-$VERSION /opt/codimd
+
+RUN cd /opt/codimd && npm install && \
+    npm run build && \
+    cp ./deployments/docker-entrypoint.sh ./ && \
+    cp .sequelizerc.example .sequelizerc && \
+    rm -rf .git .gitignore .travis.yml .dockerignore .editorconfig .babelrc .mailmap .sequelizerc.example \
+        test docs contribute \
+        package-lock.json webpack.prod.js webpack.htmlexport.js webpack.dev.js webpack.common.js \
+        config.json.example README.md CONTRIBUTING.md AUTHORS node_modules
+
+FROM node:10.22.1-alpine3.11
+
+RUN addgroup --gid 1500 codimd && \
+    adduser -u 1500 -G codimd -D codimd && \
+    mkdir /home/$USER_NAME/.npm && \
+    echo "prefix=/home/codimd/.npm/" > /home/$USER_NAME/.npmrc && \
+    mkdir -p /home/codimd/app && \
+    chown -R codimd:codimd /home/codimd && \
+    apk add --no-cache git bash python && \
+    wget https://github.com/hackmdio/portchecker/releases/download/v1.0.5/portchecker-linux-amd64.tar.gz && \
+    tar xvf portchecker-linux-amd64.tar.gz -C /usr/local/bin && \
+    mv /usr/local/bin/portchecker-linux-amd64 /usr/local/bin/pcheck && \
+    rm portchecker-linux-amd64.tar.gz
+
+USER codimd
+
+WORKDIR /home/codimd/app
+
+COPY --chown=1500:1500 --from=BUILD /opt/codimd .
+
+RUN npm install --production && npm cache clean --force && rm -rf /tmp/{core-js-banners,phantomjs}
+
+EXPOSE 3000
+
+ENTRYPOINT ["/home/codimd/app/docker-entrypoint.sh"]
diff --git a/pica-codimd/docker-compose.yml b/pica-codimd/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..78d60a73fbe5e17301a00f4d9dc43af3bdb70d09
--- /dev/null
+++ b/pica-codimd/docker-compose.yml
@@ -0,0 +1,49 @@
+version: '3'
+services:
+  codimd-db:
+    image: postgres:11.6-alpine
+    container_name: codimd-db
+    networks:
+      - codimd
+    volumes:
+      - codimd-db:/var/lib/postrgresql/data
+      - /etc/localtime:/etc/localtime:ro
+    env_file: ./secrets/codimd-db.secrets.example
+    restart: always
+
+  codimd-app:
+    image: pica-codimd
+    build: .
+    container_name: codimd-app
+    volumes:
+      - codimd-data:/home/codimd/app/public/uploads
+    depends_on:
+      - codimd-db
+    env_file: ./secrets/codimd-db.secrets.example
+    environment:
+      - CMD_USECDN=false
+      - CMD_DOMAIN=md.picasoft.net
+      - CMD_ALLOW_ANONYMOUS=true
+      - CMD_ALLOW_ANONYMOUS_EDITS=true
+      - CMD_PROTOCOL_USESSL=true
+      - CMD_CSP_ENABLE=false
+    networks:
+      - proxy
+      - codimd
+    labels:
+      traefik.http.routers.codimd-app.entrypoints: websecure
+      traefik.http.routers.codimd-app.rule: Host(`md.picasoft.net`)
+      traefik.http.services.codimd-app.loadbalancer.server.port: 3000
+      traefik.enable: true
+    restart: always
+
+networks:
+  proxy:
+    external: true
+  codimd:
+
+volumes:
+  codimd-db:
+    external: true
+  codimd-data:
+    external: true
diff --git a/pica-codimd/secrets/codimd-db.secrets.example b/pica-codimd/secrets/codimd-db.secrets.example
new file mode 100644
index 0000000000000000000000000000000000000000..a986a290e6c04fdb63a6e588ca0bba83c9b928b1
--- /dev/null
+++ b/pica-codimd/secrets/codimd-db.secrets.example
@@ -0,0 +1,5 @@
+POSTGRES_USER=codimd
+POSTGRES_PASSWORD=samepassword
+POSTGRES_DB=codimd
+CMD_DB_URL=postgres://codimd:samepassword@codimd-db/codimd
+CMD_SESSION_SECRET=15dr0x3a7