diff --git a/core/base/Dockerfile b/core/base/Dockerfile
index af99ccc3..814a946a 100644
--- a/core/base/Dockerfile
+++ b/core/base/Dockerfile
@@ -13,7 +13,7 @@ ARG TARGETPLATFORM
 RUN set -euxo pipefail \
   ; addgroup -Sg ${MAILU_GID} mailu \
   ; adduser -Sg ${MAILU_UID} -G mailu -h /app -g "mailu app" -s /bin/bash mailu \
-  ; apk add --no-cache bash ca-certificates curl python3 tzdata \
+  ; apk add --no-cache bash ca-certificates curl python3 tzdata libcap \
   ; machine="$(uname -m)" \
   ; ! [[ "${TARGETPLATFORM}" != linux/arm/v7 && \( "${machine}" == x86_64 || "${machine}" == armv8* || "${machine}" == aarch64 \) ]] \
     || apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing hardened-malloc
@@ -72,6 +72,7 @@ RUN set -euxo pipefail \
 FROM system
 
 COPY --from=build /app/venv/ /app/venv/
+RUN setcap 'cap_net_bind_service=+ep' /app/venv/bin/gunicorn
 
 ENV VIRTUAL_ENV=/app/venv
 ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"
diff --git a/setup/Dockerfile b/setup/Dockerfile
index 7e04931a..a410871d 100644
--- a/setup/Dockerfile
+++ b/setup/Dockerfile
@@ -6,10 +6,6 @@ FROM base
 ARG VERSION=local
 LABEL version=$VERSION
 
-RUN set -euxo pipefail \
- ; apk add --no-cache libcap \
- ; setcap 'cap_net_bind_service=+ep' /app/venv/bin/gunicorn
-
 COPY flavors /data/flavors
 COPY templates /data/templates
 COPY static ./static