diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index ab6af6b..b2cda46 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -40,20 +40,13 @@ jobs:
       - name: Build Container
         run: docker compose build
 
-      - name: Free Port 3000
-        run: |
-          # Remove any container publishing :3000 (old Next.js container,
-          # orphans from a previously-named compose project, etc.)
-          OLD=$(docker ps -a --filter publish=3000 -q)
-          if [ -n "$OLD" ]; then
-            echo "Removing containers on :3000 -> $OLD"
-            docker rm -f $OLD || true
-          fi
-          # Belt and suspenders: also remove by our known name.
-          docker rm -f soroushasadi-site 2>/dev/null || true
-
       - name: Deploy
-        run: docker compose up -d --remove-orphans
+        # Compose recreates ONLY our own container (container_name:
+        # soroushasadi-site, project: soroushasadi). It must never touch
+        # other stacks. Do NOT add any step that removes containers by
+        # published port — port 3000 is Gitea and 5xxx/3xxx belong to
+        # other apps on this host.
+        run: docker compose up -d
 
       - name: Wait For Health Check
         run: |
diff --git a/docker-compose.yml b/docker-compose.yml
index 95bde57..9472b83 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,8 +11,10 @@ services:
     image: soroushasadi-site:latest
     container_name: soroushasadi-site
     restart: unless-stopped
+    # Host port 3020 → container 3000. Port 3000 on the host is Gitea
+    # (git.soroushasadi.com proxies to :3000) — NEVER publish on 3000.
     ports:
-      - "3000:3000"
+      - "3020:3000"
     environment:
       ASPNETCORE_ENVIRONMENT: Production
       DataDir: /data