diff --git a/modules/container-base/src/main/docker/Dockerfile b/modules/container-base/src/main/docker/Dockerfile
index caec4ee6619..68b9da13c67 100644
--- a/modules/container-base/src/main/docker/Dockerfile
+++ b/modules/container-base/src/main/docker/Dockerfile
@@ -67,43 +67,47 @@ ENV PATH="${PATH}:${PAYARA_DIR}/bin" \ ENABLE_JDWP=0 \ ENABLE_RELOAD=0 -ARG JATTACH_VERSION="v2.1" -ARG JATTACH_CHECKSUM="07885fdc782e02e7302c6d190f54c3930afa10a38140365adf54076ec1086a8e" -ARG PKGS="jq imagemagick curl unzip wget acl dirmngr gpg lsof procps netcat tini" -ARG ASADMIN="${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE}" - ### PART 1: SYSTEM ### ARG UID=1000 ARG GID=1000 USER root WORKDIR / SHELL ["/bin/bash", "-euo", "pipefail", "-c"] -RUN true && \ +RUN <> /tmp/password-change-file.txt && \ - echo "AS_ADMIN_PASSWORD=${ADMIN_PASSWORD}" >> ${PASSWORD_FILE} && \ - asadmin --user=${ADMIN_USER} --passwordfile=/tmp/password-change-file.txt change-admin-password --domain_name=${DOMAIN_NAME} && \ + echo "AS_ADMIN_PASSWORD=" > /tmp/password-change-file.txt + echo "AS_ADMIN_NEWPASSWORD=${ADMIN_PASSWORD}" >> /tmp/password-change-file.txt + echo "AS_ADMIN_PASSWORD=${ADMIN_PASSWORD}" >> ${PASSWORD_FILE} + asadmin --user=${ADMIN_USER} --passwordfile=/tmp/password-change-file.txt change-admin-password --domain_name=${DOMAIN_NAME} # Start domain for configuration - ${ASADMIN} start-domain ${DOMAIN_NAME} && \ + ${ASADMIN} start-domain ${DOMAIN_NAME} # Allow access to admin with password only - ${ASADMIN} enable-secure-admin && \ + ${ASADMIN} enable-secure-admin + ### CONTAINER USAGE ENABLEMENT # List & delete memory settings from domain - for MEMORY_JVM_OPTION in $(${ASADMIN} list-jvm-options | grep "Xm[sx]\|Xss\|NewRatio"); \ - do \ - ${ASADMIN} delete-jvm-options $(echo $MEMORY_JVM_OPTION | sed -e 's/:/\\:/g'); \ - done && \ + for MEMORY_JVM_OPTION in $(${ASADMIN} list-jvm-options | grep "Xm[sx]\|Xss\|NewRatio"); + do + ${ASADMIN} delete-jvm-options $(echo $MEMORY_JVM_OPTION | sed -e 's/:/\\:/g'); + done # Tweak memory settings for containers - ${ASADMIN} create-jvm-options "-XX\:+UseContainerSupport" && \ - ${ASADMIN} create-jvm-options "-XX\:MaxRAMPercentage=\${ENV=MEM_MAX_RAM_PERCENTAGE}" && \ - ${ASADMIN} 
create-jvm-options "-Xss\${ENV=MEM_XSS}" && \ - ${ASADMIN} create-jvm-options "-XX\:MinHeapFreeRatio=\${ENV=MEM_MIN_HEAP_FREE_RATIO}" && \ - ${ASADMIN} create-jvm-options "-XX\:MaxHeapFreeRatio=\${ENV=MEM_MAX_HEAP_FREE_RATIO}" && \ - ${ASADMIN} create-jvm-options "-XX\:HeapDumpPath=\${ENV=DUMPS_DIR}" && \ + ${ASADMIN} create-jvm-options "-XX\:+UseContainerSupport" + ${ASADMIN} create-jvm-options "-XX\:MaxRAMPercentage=\${ENV=MEM_MAX_RAM_PERCENTAGE}" + ${ASADMIN} create-jvm-options "-Xss\${ENV=MEM_XSS}" + ${ASADMIN} create-jvm-options "-XX\:MinHeapFreeRatio=\${ENV=MEM_MIN_HEAP_FREE_RATIO}" + ${ASADMIN} create-jvm-options "-XX\:MaxHeapFreeRatio=\${ENV=MEM_MAX_HEAP_FREE_RATIO}" + ${ASADMIN} create-jvm-options "-XX\:HeapDumpPath=\${ENV=DUMPS_DIR}" # Set logging to console only for containers - ${ASADMIN} set-log-attributes com.sun.enterprise.server.logging.GFFileHandler.logtoFile=false && \ + ${ASADMIN} set-log-attributes com.sun.enterprise.server.logging.GFFileHandler.logtoFile=false \ + ### PRODUCTION READINESS - ${ASADMIN} create-jvm-options '-XX\:+UseG1GC' && \ - ${ASADMIN} create-jvm-options '-XX\:+UseStringDeduplication' && \ - ${ASADMIN} create-jvm-options '-XX\:+DisableExplicitGC' && \ - ${ASADMIN} create-jvm-options '-XX\:MaxGCPauseMillis=${ENV=MEM_MAX_GC_PAUSE_MILLIS}' && \ - ${ASADMIN} create-jvm-options '-XX\:MetaspaceSize=${ENV=MEM_METASPACE_SIZE}' && \ - ${ASADMIN} create-jvm-options '-XX\:MaxMetaspaceSize=${ENV=MEM_MAX_METASPACE_SIZE}' && \ - ${ASADMIN} create-jvm-options '-XX\:+IgnoreUnrecognizedVMOptions' && \ + ${ASADMIN} create-jvm-options '-XX\:+UseG1GC' + ${ASADMIN} create-jvm-options '-XX\:+UseStringDeduplication' + ${ASADMIN} create-jvm-options '-XX\:+DisableExplicitGC' + ${ASADMIN} create-jvm-options '-XX\:MaxGCPauseMillis=${ENV=MEM_MAX_GC_PAUSE_MILLIS}' + ${ASADMIN} create-jvm-options '-XX\:MetaspaceSize=${ENV=MEM_METASPACE_SIZE}' + ${ASADMIN} create-jvm-options '-XX\:MaxMetaspaceSize=${ENV=MEM_MAX_METASPACE_SIZE}' + ${ASADMIN} 
create-jvm-options '-XX\:+IgnoreUnrecognizedVMOptions' # Disable autodeploy and hot reload - ${ASADMIN} set configs.config.server-config.admin-service.das-config.dynamic-reload-enabled="false" && \ - ${ASADMIN} set configs.config.server-config.admin-service.das-config.autodeploy-enabled="false" && \ + ${ASADMIN} set configs.config.server-config.admin-service.das-config.dynamic-reload-enabled="false" + ${ASADMIN} set configs.config.server-config.admin-service.das-config.autodeploy-enabled="false" # Enlarge thread pools - ${ASADMIN} set server-config.thread-pools.thread-pool.http-thread-pool.max-thread-pool-size="50" && \ - ${ASADMIN} set server-config.thread-pools.thread-pool.http-thread-pool.max-queue-size="" && \ - ${ASADMIN} set default-config.thread-pools.thread-pool.thread-pool-1.max-thread-pool-size="250" && \ + ${ASADMIN} set server-config.thread-pools.thread-pool.http-thread-pool.max-thread-pool-size="50" + ${ASADMIN} set server-config.thread-pools.thread-pool.http-thread-pool.max-queue-size="" + ${ASADMIN} set default-config.thread-pools.thread-pool.thread-pool-1.max-thread-pool-size="250" # Enable file caching - ${ASADMIN} set server-config.network-config.protocols.protocol.http-listener-1.http.file-cache.enabled="true" && \ - ${ASADMIN} set server-config.network-config.protocols.protocol.http-listener-2.http.file-cache.enabled="true" && \ - ${ASADMIN} set default-config.network-config.protocols.protocol.http-listener-1.http.file-cache.enabled="true" && \ - ${ASADMIN} set default-config.network-config.protocols.protocol.http-listener-2.http.file-cache.enabled="true" && \ + ${ASADMIN} set server-config.network-config.protocols.protocol.http-listener-1.http.file-cache.enabled="true" + ${ASADMIN} set server-config.network-config.protocols.protocol.http-listener-2.http.file-cache.enabled="true" + ${ASADMIN} set default-config.network-config.protocols.protocol.http-listener-1.http.file-cache.enabled="true" + ${ASADMIN} set 
default-config.network-config.protocols.protocol.http-listener-2.http.file-cache.enabled="true" # Disable the HTTPS listener (we are always fronting our appservers with a reverse proxy handling SSL) - ${ASADMIN} set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.enabled="false" && \ - # Enlarge and tune EJB pools (cannot do this for server-config as set does not create new entries) \ - ${ASADMIN} set default-config.ejb-container.pool-resize-quantity="2" && \ - ${ASADMIN} set default-config.ejb-container.max-pool-size="128" && \ - ${ASADMIN} set default-config.ejb-container.steady-pool-size="10" && \ + ${ASADMIN} set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-2.enabled="false" + # Enlarge and tune EJB pools (cannot do this for server-config as set does not create new entries) + ${ASADMIN} set default-config.ejb-container.pool-resize-quantity="2" + ${ASADMIN} set default-config.ejb-container.max-pool-size="128" + ${ASADMIN} set default-config.ejb-container.steady-pool-size="10" # Misc settings - ${ASADMIN} create-system-properties fish.payara.classloading.delegate="false" && \ - ${ASADMIN} create-system-properties jersey.config.client.readTimeout="300000" && \ - ${ASADMIN} create-system-properties jersey.config.client.connectTimeout="300000" && \ + ${ASADMIN} create-system-properties fish.payara.classloading.delegate="false" + ${ASADMIN} create-system-properties jersey.config.client.readTimeout="300000" + ${ASADMIN} create-system-properties jersey.config.client.connectTimeout="300000" \ + ### DATAVERSE APPLICATION SPECIFICS # Configure the MicroProfile directory config source to point to /secrets - ${ASADMIN} set-config-dir --directory="${SECRETS_DIR}" && \ + ${ASADMIN} set-config-dir --directory="${SECRETS_DIR}" # Make request timeouts configurable via MPCONFIG (default to 900 secs = 15 min) - ${ASADMIN} set 
'server-config.network-config.protocols.protocol.http-listener-1.http.request-timeout-seconds=${MPCONFIG=dataverse.http.timeout:900}' && \ + ${ASADMIN} set 'server-config.network-config.protocols.protocol.http-listener-1.http.request-timeout-seconds=${MPCONFIG=dataverse.http.timeout:900}' # TODO: what of the below 3 items can be deleted for container usage? - ${ASADMIN} create-network-listener --protocol=http-listener-1 --listenerport=8009 --jkenabled=true jk-connector && \ - ${ASADMIN} set server-config.network-config.protocols.protocol.http-listener-1.http.comet-support-enabled=true && \ - ${ASADMIN} create-system-properties javax.xml.parsers.SAXParserFactory=com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl && \ + ${ASADMIN} create-network-listener --protocol=http-listener-1 --listenerport=8009 --jkenabled=true jk-connector + ${ASADMIN} set server-config.network-config.protocols.protocol.http-listener-1.http.comet-support-enabled=true + ${ASADMIN} create-system-properties javax.xml.parsers.SAXParserFactory=com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl # Always disable phoning home... 
- ${ASADMIN} disable-phone-home && \ + ${ASADMIN} disable-phone-home \ + ### CLEANUP # Stop domain - ${ASADMIN} stop-domain "${DOMAIN_NAME}" && \ - # Disable JSP servlet dynamic reloads \ - sed -i 's#org.apache.jasper.servlet.JspServlet#org.apache.jasper.servlet.JspServlet\n \n development\n false\n \n \n genStrAsCharArray\n true\n #' "${DOMAIN_DIR}/config/default-web.xml" && \ + ${ASADMIN} stop-domain "${DOMAIN_NAME}" + # Disable JSP servlet dynamic reloads + sed -i 's#org.apache.jasper.servlet.JspServlet#org.apache.jasper.servlet.JspServlet\n \n development\n false\n \n \n genStrAsCharArray\n true\n #' "${DOMAIN_DIR}/config/default-web.xml" # Cleanup old CA certificates to avoid unnecessary log clutter during startup - ${SCRIPT_DIR}/removeExpiredCaCerts.sh && \ + ${SCRIPT_DIR}/removeExpiredCaCerts.sh # Delete generated files rm -rf \ "/tmp/password-change-file.txt" \ "${PAYARA_DIR}/glassfish/domains/${DOMAIN_NAME}/osgi-cache" \ "${PAYARA_DIR}/glassfish/domains/${DOMAIN_NAME}/logs" +EOF # Make docroot of Payara reside in higher level directory for easier targeting # Due to gdcc/dataverse-kubernetes#177: create the generated pathes so they are # writeable by us. TBR with gdcc/dataverse-kubernetes#178. -RUN rm -rf "${DOMAIN_DIR}"/docroot && \ - ln -s "${DOCROOT_DIR}" "${DOMAIN_DIR}"/docroot && \ +RUN <