diff --git a/Dockerfile b/Dockerfile
index da42b4397f946..781e84f89f639 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -196,6 +196,21 @@ COPY ./frontend/src/lib/hubPaths.json ${APP}/hubPaths.json
 
 RUN windmill cache ${APP}/hubPaths.json && rm ${APP}/hubPaths.json && chmod -R 777 /tmp/windmill
 
+# Create a non-root user 'windmill' with UID and GID 1000
+RUN addgroup --gid 1000 windmill && \
+    adduser --disabled-password --gecos "" --uid 1000 --gid 1000 windmill
+
+RUN cp -r /root/.cache /home/windmill/.cache
+
+RUN mkdir -p /tmp/windmill/logs && \
+    mkdir -p /tmp/windmill/search
+
+RUN chown -R windmill:windmill ${APP} && \
+     chown -R windmill:windmill /tmp/windmill && \
+     chown -R windmill:windmill /home/windmill/.cache
+
+USER root
+
 EXPOSE 8000
 
 CMD ["windmill"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 13d1c3ac98de5..fb46dd7fb2d12 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -143,7 +143,7 @@ services:
     expose:
       - 3001
     volumes:
-      - lsp_cache:/root/.cache
+      - lsp_cache:/pyls/.cache
 
   multiplayer:
     image: ghcr.io/windmill-labs/windmill-multiplayer:latest
diff --git a/examples/deploy/aws-ecs-terraform/windmill_lsp.tf b/examples/deploy/aws-ecs-terraform/windmill_lsp.tf
index 70ff48af5848d..02bd2c5d562d0 100644
--- a/examples/deploy/aws-ecs-terraform/windmill_lsp.tf
+++ b/examples/deploy/aws-ecs-terraform/windmill_lsp.tf
@@ -47,7 +47,7 @@ resource "aws_ecs_task_definition" "windmill_cluster_windmill_lsp_td" {
 
   volume {
     name      = "lsp_cache"
-    host_path = "/root/.cache"
+    host_path = "/pyls/.cache"
   }
 }
 
diff --git a/lsp/Dockerfile b/lsp/Dockerfile
index 041bc13d39d43..88a2253653e2c 100644
--- a/lsp/Dockerfile
+++ b/lsp/Dockerfile
@@ -5,6 +5,8 @@ FROM python-base
 COPY --from=node-base /usr/local /usr/local
 
 ENV PATH="/usr/local/bin:${PATH}"
+ENV PIPENV_VENV_IN_PROJECT=1
+ENV XDG_CACHE_HOME=/pyls/.cache
 
 RUN apt-get update \
     && apt-get install -y shellcheck wget \
@@ -39,12 +41,12 @@ RUN pip3 install tornado python-lsp-jsonrpc ruff-lsp
 
 COPY --from=denoland/deno:2.1.2 --chmod=755 /usr/bin/deno /usr/bin/deno
 
-COPY Pipfile .
+RUN mkdir -p /pyls/.cache
 
+WORKDIR /pyls
+COPY Pipfile .
 RUN cat Pipfile
-
 RUN pip install Cython
-
 RUN pipenv install
 
 COPY pyls_launcher.py .
@@ -52,6 +54,9 @@ COPY pyls_launcher.py .
 RUN mkdir -p /tmp/monaco && chmod -R 777 /tmp/monaco
 RUN cd /tmp/monaco && npm install --save-dev windmill-client
 
+RUN chmod -R a+rX /usr/local && \
+    chmod -R a+rX /pyls
+
 EXPOSE 3001
 
-CMD ["python3", "pyls_launcher.py"]
+CMD ["sh", "-c", "if [ -d /root/.cache ]; then export XDG_CACHE_HOME=/root/.cache && cp -r /pyls/.cache /root/.cache; fi && python3 pyls_launcher.py"]