diff --git a/docker/Dockerfile b/docker/Dockerfile
index 97827c3..8a8f580 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,8 +1,14 @@
 FROM arm64v8/ubuntu:22.04
+
+# 避免交互式提示卡住构建
 ENV DEBIAN_FRONTEND=noninteractive
+
+RUN sed -i 's@//.*ports.ubuntu.com@//mirrors.aliyun.com@g' /etc/apt/sources.list
+# -----------------------------------------------------------------------------
+# 第一阶段：安装基础构建工具和 PPA 管理工具
+# -----------------------------------------------------------------------------
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
-    # 基础工具
     sudo \
     build-essential \
     cmake \
@@ -11,32 +17,55 @@ RUN apt-get update && \
     vim \
     unzip \
     pkg-config \
-    # PPA 管理工具
+    wget \
     software-properties-common \
-    gpg-agent \
-    && \
-    add-apt-repository -y ppa:jjriek/panfork-mesa && \
-    add-apt-repository -y ppa:jjriek/rockchip && \
-    add-apt-repository -y ppa:jjriek/rockchip-multimedia && \
-    apt-get update && \
+    gpg-agent && \
+    rm -rf /var/lib/apt/lists/*
+
+# -----------------------------------------------------------------------------
+# 第二阶段：添加 PPA 源
+# -----------------------------------------------------------------------------
+# 分开执行，确保网络问题或源失效能被单独定位
+RUN apt-get update && apt-get install -y gnupg2 curl && \
+    # 获取密钥 (如果 keyserver 连不上，多试几次或检查网络)
+    gpg --keyserver keyserver.ubuntu.com --recv-keys 3CC0D9D1F3F0354B50D24F51F02122ECF25FB4D7 && \
+    gpg --export 3CC0D9D1F3F0354B50D24F51F02122ECF25FB4D7 > /etc/apt/trusted.gpg.d/jjriek.gpg && \
+    # 手动添加源地址 (直接指向 content 服务器，绕过 API)
+    echo "deb [arch=arm64] https://ppa.launchpadcontent.net/jjriek/panfork-mesa/ubuntu jammy main" > /etc/apt/sources.list.d/panfork.list && \
+    echo "deb [arch=arm64] https://ppa.launchpadcontent.net/jjriek/rockchip/ubuntu jammy main" > /etc/apt/sources.list.d/rockchip.list && \
+    echo "deb [arch=arm64] https://ppa.launchpadcontent.net/jjriek/rockchip-multimedia/ubuntu jammy main" > /etc/apt/sources.list.d/multimedia.list && \
+    apt-get update
+
+# -----------------------------------------------------------------------------
+# 第三阶段：安装核心依赖库 (Rockchip 专有库 & 基础开发库)
+# -----------------------------------------------------------------------------
+# 注意：每次 RUN 如果涉及 install，最好都先 update，因为层之间的 apt 缓存通常不保留
+RUN apt-get update && \
     apt-get install -y --no-install-recommends \
-    espeak-ng-data \
-    libespeak1 \
     python3 \
     python3-pip \
     libssl-dev \
     libspdlog-dev \
-    libsqlite3-dev \ 
+    libsqlite3-dev \
     libboost-all-dev \
     librockchip-mpp-dev \
     librga-dev \
-	libeigen3-dev \
+    libeigen3-dev \
+    espeak-ng-data \
+    libespeak1 \
+    libasound2-plugins \
+    alsa-utils && \
+    rm -rf /var/lib/apt/lists/*
+
+# -----------------------------------------------------------------------------
+# 第四阶段：安装多媒体和视觉库 (GStreamer & OpenCV)
+# -----------------------------------------------------------------------------
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
     gstreamer1.0-rockchip \
     libgstreamer1.0-dev \
     libgstreamer-plugins-base1.0-dev \
-    alsa-utils \ 
-    libasound2-plugins \  
-    gstreamer1.0-alsa \             
+    gstreamer1.0-alsa \
     gstreamer1.0-plugins-base \
     gstreamer1.0-plugins-good \
     gstreamer1.0-plugins-bad \
@@ -44,27 +73,38 @@ RUN apt-get update && \
     gstreamer1.0-libav \
     gstreamer1.0-tools \
     gstreamer1.0-x \
-    gstreamer1.0-alsa \
     gstreamer1.0-pulseaudio \
     gstreamer1.0-rtsp \
     libopencv-dev \
-    nmap \
-    && \
-    groupadd -r developers && \
+    nmap && \
+    rm -rf /var/lib/apt/lists/*
+
+# -----------------------------------------------------------------------------
+# 第五阶段：用户与权限配置
+# -----------------------------------------------------------------------------
+RUN groupadd -r developers && \
     useradd -ms /bin/bash -g developers -G sudo dev && \
-    groupadd -g 20 dialout || true && \
-    groupadd -g 44 video || true && \
-    groupadd -g 110 render || true && \
-    groupadd -g 29 render || true && \
+    # 允许组创建失败（如果组已存在），使用 || true
+    (groupadd -g 20 dialout || true) && \
+    (groupadd -g 44 video || true) && \
+    (groupadd -g 110 render || true) && \
+    (groupadd -g 29 render_alt || true) && \
     usermod -a -G dialout dev && \
     usermod -a -G video dev && \
     usermod -a -G render dev && \
     usermod -a -G audio dev && \
-    echo "dev ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/dev-nopasswd 
+    echo "dev ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/dev-nopasswd
 
+# 配置 umask
 RUN echo "umask 0002" > /etc/profile.d/99-shared-umask.sh && \
     chmod +x /etc/profile.d/99-shared-umask.sh
+
+# -----------------------------------------------------------------------------
+# 第六阶段：编译第三方源码 (Paho MQTT)
+# -----------------------------------------------------------------------------
+# 建议：确保你有 .dockerignore 文件排除 .git 目录，否则 COPY . 会很慢
 COPY . /tmp/build-context
+
 RUN cd /tmp/build-context/external/paho.mqtt.c && \
     cmake -Bbuild -H. -DPAHO_WITH_SSL=ON -DPAHO_BUILD_SAMPLES=OFF -DPAHO_BUILD_DOCUMENTATION=OFF && \
     cmake --build build --target install && \
@@ -73,25 +113,34 @@ RUN cd /tmp/build-context/external/paho.mqtt.c && \
     cmake --build build --target install && \
     rm -rf /tmp/build-context
 
+# -----------------------------------------------------------------------------
+# 第七阶段：安装 RKNN SDK
+# -----------------------------------------------------------------------------
 COPY rknn_sdk/librknn_api/include/rknn_api.h /usr/local/include/
 COPY rknn_sdk/rknn_server/aarch64/usr/bin/rknn_server /usr/bin/rknn_server
 COPY rknn_sdk/librknn_api/aarch64/librknnrt.so /usr/lib/librknnrt.so
 COPY rknn_sdk/librknn_api/aarch64/librknn_api.so /usr/lib/librknn_api.so
 COPY rknn_sdk/whl/*.whl /tmp/rknn_wheels/
-RUN pip3 install /tmp/rknn_wheels/*.whl && \
-    rm -rf /tmp/rknn_wheels
-RUN chmod +x /usr/bin/rknn_server
-RUN ldconfig
 
-RUN rm -rf /var/lib/apt/lists/*
+RUN pip3 install /tmp/rknn_wheels/*.whl && \
+    rm -rf /tmp/rknn_wheels && \
+    chmod +x /usr/bin/rknn_server && \
+    ldconfig
+
+# -----------------------------------------------------------------------------
+# 第八阶段：Python 环境与运行准备
+# -----------------------------------------------------------------------------
 COPY piper_models/ /app/piper_models/
+
 USER dev
+# 这里的 --no-cache-dir 对于减小镜像体积很重要
 RUN pip install --no-cache-dir --user -i https://mirrors.aliyun.com/pypi/simple/ \
     piper-tts \
     onvif-zeep \
     python-nmap \
     psutil \
-    paramiko 
+    paramiko
+
 RUN echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bash_profile
-USER dev
+
 CMD ["/bin/bash"]
\ No newline at end of file