diff --git a/docker/Dockerfile.soda b/docker/Dockerfile.soda
index 08819206a994b7bf8917ebee02eba1b10021ba36..ea88050d61581d4083eaf572ee3efc6d3d0a65a4 100644
--- a/docker/Dockerfile.soda
+++ b/docker/Dockerfile.soda
@@ -14,6 +14,21 @@ ENV CATALINA_HOME=/usr/local/tomcat
 WORKDIR /root
 ENV HOME /root
 
+# pre-configure port 8080 (no TSL)
+COPY deps/server.xml deps/server-connector.xml* ${CATALINA_BASE}/conf/
+COPY deps/soda.logging.properties ${CATALINA_BASE}/conf/
+COPY deps/setenv.sh ${CATALINA_BASE}/bin/
+# DB used for authorization
+# Tomcat must load DB-driver (postgresql_*.jar), vlkb-soda does not explicitely load DB-drivers
+COPY deps/postgresql-*.jar  ${CATALINA_BASE}/lib
+
+# modif permissions to allow run as non-root: need to config TSL and ROOT-CONTEXT
+WORKDIR ${CATALINA_BASE}
+RUN chmod -R a+rwX conf
+
+env ACCESS_CONTEXT_ROOT=datasets
+
+
 
 RUN apt-get -y update \
  && apt-get -y install apt-utils \
@@ -22,8 +37,10 @@ RUN apt-get -y update \
 
 ENV WEBAPP_DIR=/webapps/vlkb-soda
 
+WORKDIR /root
 
 COPY deps/ast_9.2.9-1_amd64.deb ./
+
 RUN dpkg -i /root/ast_9.2.9-1_amd64.deb && ldconfig \
  && mkdir -p ${WEBAPP_DIR} \
  && mkdir -p /srv/datasets \
@@ -43,33 +60,17 @@ ENV INST_DIR=/usr/local
 RUN echo "${INST_DIR}/lib" > /etc/ld.so.conf.d/ast.conf && ldconfig \
  && echo "fits_path_surveys=/srv/datasets" > $WEBAPP_DIR/WEB-INF/classes/cutout.properties
 
-# pre-configure port 8080 (no TSL)
-COPY deps/server.xml deps/server-connector.xml* ${CATALINA_BASE}/conf/
-COPY deps/soda.logging.properties ${CATALINA_BASE}/conf/
-COPY deps/setenv.sh ${CATALINA_BASE}/bin/
-
 COPY deps/context.xml ${WEBAPP_DIR}/META-INF/context.xml
 
-# DB used for authorization
-# Tomcat must load DB-driver (postgresql_*.jar), vlkb-soda does not explicitely load DB-drivers
-COPY deps/postgresql-*.jar  ${CATALINA_BASE}/lib
-
-
-# modif permissions to allow run as non-root: need to config TSL and ROOT-CONTEXT
-WORKDIR ${CATALINA_BASE}
-RUN chmod -R a+rwX conf
-
 # enable SKA IAM token filter update
 RUN chmod a+rw ${WEBAPP_DIR}/WEB-INF/web.xml \
  && touch  ${WEBAPP_DIR}/WEB-INF/classes/ia2token.properties \
  && touch  ${WEBAPP_DIR}/WEB-INF/classes/iamtoken.properties \
  && chmod a+rw ${WEBAPP_DIR}/WEB-INF/classes/*.properties
 
-env ACCESS_CONTEXT_ROOT=datasets
 # configure during start-up
 COPY start-soda.sh.soda /root/start-soda.sh
 
-
 RUN chmod +rx /root && chmod +rx /root/start-soda.sh
 USER 1000:1000
 CMD ["sh", "-c", "/root/start-soda.sh"]