diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..88376ca
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,38 @@
+FROM alpine:latest
+
+ARG DOMAIN
+
+RUN apk add --update --no-cache python3 py3-pip nginx uwsgi uwsgi-python3 certbot lsof
+
+WORKDIR /root/ftracker
+
+COPY ftracker/ ./ftracker/
+COPY web/ /var/www/html/ftracker/
+COPY res/ ./res/
+
+COPY setup.py .
+COPY README.md .
+COPY LICENSE.md .
+
+RUN mkdir -p /etc/ftracker /var/ftracker \
+ && chown -R nginx:nginx /etc/ftracker /var/ftracker
+
+COPY res/config.deploy.ini /etc/ftracker/config.ini
+
+RUN pip3 install .
+
+RUN rm /etc/nginx/conf.d/default.conf
+RUN if [ -n "$DOMAIN" ] ;\
+ then \
+ cp ./res/ftracker.docker.nginx.conf /etc/nginx/conf.d/ftracker.conf ;\
+ certbot certonly --non-interactive --manual-public-ip-logging-ok -d ${DOMAIN} ;\
+ sed -i "s|CERT|/usr/local/etc/letsencrypt/live/${DOMAIN}/fullchain.pem|g" /etc/nginx/conf.d/ftracker.conf ;\
+ sed -i "s|KEY|/usr/local/etc/letsencrypt/live/${DOMAIN}/privkey.pem|g" /etc/nginx/conf.d/ftracker.conf ;\
+ echo Installed certificate. ;\
+ else \
+ cp ./res/ftracker.nossl.nginx.conf /etc/nginx/conf.d/ftracker.conf ;\
+ echo Skipped SSL installation. ;\
+ fi
+
+RUN chmod +x ./res/docker-entrypoint.sh
+ENTRYPOINT [ "./res/docker-entrypoint.sh" ]
diff --git a/res/config.deploy.ini b/res/config.deploy.ini
new file mode 100644
index 0000000..8dbbf56
--- /dev/null
+++ b/res/config.deploy.ini
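Review bot: The `certbot certonly` call in the `if [ -n "$DOMAIN" ]` branch runs at build time, so any certificate it obtains, including `privkey.pem`, is stored in an image layer, is readable by everyone who can pull the image, and cannot be renewed without a rebuild. Because the branch chains its commands with `;` rather than `&&`, a certbot failure does not stop the build, and the two `sed` lines then point nginx at `/usr/local/etc/letsencrypt/live/...`, which looks like the FreeBSD location rather than certbot's default `/etc/letsencrypt` on Alpine (worth confirming). I would drop the certbot line, keep only the substitutions, e.g. `sed -i "s|CERT|/etc/letsencrypt/live/${DOMAIN}/fullchain.pem|g" /etc/nginx/conf.d/ftracker.conf`, and supply `/etc/letsencrypt` as a read-only volume at run time. Separately, `FROM alpine:latest` should be pinned to a release tag or digest so rebuilds are reproducible.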
@@ -0,0 +1,23 @@
+[global]
+
+# Persistent file for storage of times, in .json format.
+# Remove or leave empty for temporary (/tmp/ftracker-db.json) storage
+db_file = /var/ftracker/db.json
+
+# List of people to be allowed, in .csv format (comma, no delimiters)
+# Col1: First Name(s), Col2: Last Name(s), Col3 (optional): EMail
+# Remove or leave empty for no check
+name_file =
+
+
+# Username and password for data retrieval
+admin_user = admin
+admin_pass = topSecret
+
+
+# Link to a document with guidelines for entering
+guideline_url = https://fasttube.de/wp-content/uploads/2020/12/Cororna-Regeln-Stand-01.12.2020.pdf
+
+
+# JSON indentation for debugging
+json_indent = 4
diff --git a/res/docker-entrypoint.sh b/res/docker-entrypoint.sh
new file mode 100644
index 0000000..010a3da
--- /dev/null
+++ b/res/docker-entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+echo " >>> starting nginx <<< "
+
+mkdir /run/nginx # needed because of bug in package
+/usr/sbin/nginx -t
+/usr/sbin/nginx
+
+echo " >>> starting uwsgi <<< "
+
+/usr/sbin/uwsgi --ini /root/ftracker/res/ftracker.alpine.uwsgi.ini
diff --git a/res/ftracker.alpine.uwsgi.ini b/res/ftracker.alpine.uwsgi.ini
new file mode 100644
index 0000000..5744381
--- /dev/null
+++ b/res/ftracker.alpine.uwsgi.ini
@@ -0,0 +1,12 @@
+[uwsgi]
+plugin = python3
+module = ftracker:app
+socket = /tmp/ftracker.sock
+manage-script-name = true
+master = true
+
+uid = nginx
+gid = nginx
+
+proesses = 1
+threads = 1
diff --git a/res/ftracker.debian.uwsgi.ini b/res/ftracker.debian.uwsgi.ini
new file mode 100644
index 0000000..f4b5ab1
--- /dev/null
+++ b/res/ftracker.debian.uwsgi.ini
@@ -0,0 +1,12 @@
+[uwsgi]
+plugin = python3
+module = ftracker:app
+socket = /tmp/ftracker.sock
+manage-script-name = true
+master = true
+
+uid = www-data
+gid = www-data
+
+proesses = 1
+threads = 1
diff --git a/res/ftracker.docker.nginx.conf b/res/ftracker.docker.nginx.conf
new file mode 100644
index 0000000..3b35c1e
--- /dev/null
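Review bot: `admin_pass = topSecret` is a fixed credential that the Dockerfile copies to `/etc/ftracker/config.ini`, so every image built from this commit accepts the same published admin login unless the operator replaces the file. Ship the deploy template with the value empty, `admin_pass =`, and document that `/etc/ftracker/config.ini` must be mounted or generated at deploy time. How the application treats an empty password is not visible here and should be checked, so that empty does not end up meaning "no authentication". A comment above the key such as `# Must be set per deployment; never commit a real value` would make the intent explicit.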
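Review bot: The last line of `res/docker-entrypoint.sh` launches uwsgi as a child of `/bin/sh`, so the shell stays PID 1 and the stop signal from `docker stop` may not reach uwsgi; `exec /usr/sbin/uwsgi --ini /root/ftracker/res/ftracker.alpine.uwsgi.ini` hands PID 1 to the server. There is also no `set -e`, so a failing `/usr/sbin/nginx -t` is reported but start-up continues with a configuration nginx rejected; adding `set -e` after the shebang stops the container instead. `mkdir /run/nginx` fails when the directory already exists, for example when a stopped container is started again, which `mkdir -p /run/nginx` avoids and which matters once `set -e` is on.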
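Review bot: `proesses = 1` is a misspelling of uwsgi's `processes` option, here in `res/ftracker.alpine.uwsgi.ini` and again in `res/ftracker.debian.uwsgi.ini`. Unless strict mode is enabled uwsgi accepts unknown keys silently, so the setting has no effect and a later change to the number would be ignored; both files should read `processes = 1`. Both files also place the socket at `/tmp/ftracker.sock`; on a shared host (the Debian variant) a dedicated directory owned by the service user, together with an explicit `chmod-socket = 660`, keeps other local users from pre-creating or connecting to that path.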
+++ b/res/ftracker.docker.nginx.conf
@@ -0,0 +1,37 @@
+server {
+
+ listen 443 ssl default_server;
+
+ root /var/www/html/ftracker;
+
+ index index.html index.htm;
+
+ location / {
+ # First attempt to serve request as file
+ # If no such file, pass to backend
+ try_files $uri $uri/ $uri.html @api;
+ }
+
+ location @api {
+ include uwsgi_params;
+ # Pass it to the uwsgi server
+ uwsgi_pass unix:///tmp/ftracker.sock;
+ }
+
+ # RIP
+ add_header X-Clacks-Overhead "GNU Terry Pratchett" always;
+
+ ssl_certificate CERT;
+ ssl_certificate_key KEY;
+
+}
+
+server {
+
+ listen 80 default_server;
+
+ # 308 instead of 301 to prohibit method change on redirect
+ # (some clients change POST to GET on 301, 308 does not allow that)
+ return 308 https://$host$request_uri;
+
+}
diff --git a/res/ftracker.uwsgi.ini b/res/ftracker.freebsd.uwsgi.ini
similarity index 100%
rename from res/ftracker.uwsgi.ini
rename to res/ftracker.freebsd.uwsgi.ini
diff --git a/res/ftracker.nginx.conf b/res/ftracker.nginx.conf
index 5926bf5..3d40254 100644
--- a/res/ftracker.nginx.conf
+++ b/res/ftracker.nginx.conf
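Review bot: Both server blocks in `res/ftracker.docker.nginx.conf` are `default_server` without a `server_name`, and the port-80 block redirects with `return 308 https://$host$request_uri;`, so the redirect target is whatever Host header the client sent rather than the configured domain. Since the Dockerfile already substitutes `CERT` and `KEY` from `DOMAIN`, a third placeholder would let the redirect be fixed, e.g. `return 308 https://SERVER_NAME$request_uri;` with a matching `sed` line. The TLS block also sets no `Strict-Transport-Security` header; `add_header Strict-Transport-Security "max-age=31536000" always;` next to the existing `add_header` would keep returning clients off plain HTTP.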
@@ -1,38 +1,38 @@ server { - server_name ftracker.fasttube.de; + server_name ftracker.fasttube.de; - listen 443 ssl; + listen 443 ssl; - root /root/ftracker/web; + root /root/ftracker/web; - index index.html index.htm; + index index.html index.htm; - location / { - # First attempt to serve request as file - # If no such file, show index to allow for client side routing - try_files $uri $uri/ $uri.html @api; + location / { + # First attempt to serve request as file + # If no such file, pass to backend + try_files $uri $uri/ $uri.html @api; } location @api { - include uwsgi_params; - # Pass it to the uwsgi server - uwsgi_pass unix:///tmp/ftracker.sock; - } + include uwsgi_params; + # Pass it to the uwsgi server + uwsgi_pass unix:///tmp/ftracker.sock; + } - # RIP - add_header X-Clacks-Overhead "GNU Terry Pratchett" always; + # RIP + add_header X-Clacks-Overhead "GNU Terry Pratchett" always; - ssl_certificate /usr/local/etc/letsencrypt/live/ftracker.fasttube.de/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/ftracker.fasttube.de/privkey.pem; + ssl_certificate /usr/local/etc/letsencrypt/live/ftracker.fasttube.de/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/ftracker.fasttube.de/privkey.pem; } server { - server_name ftracker.fasttube.de; + server_name ftracker.fasttube.de; - listen 80; + listen 80; - # 308 instead of 301 to prohibit method change on redirect - # (some clients change POST to GET on 301, 308 does not allow that) - return 308 https://$host$request_uri; + # 308 instead of 301 to prohibit method change on redirect + # (some clients change POST to GET on 301, 308 does not allow that) + return 308 https://$host$request_uri; } diff --git a/res/ftracker.nossl.nginx.conf b/res/ftracker.nossl.nginx.conf new file mode 100644 index 0000000..e07310f --- /dev/null +++ b/res/ftracker.nossl.nginx.conf 
@@ -0,0 +1,24 @@
+server {
+
+ listen 80 default_server;
+
+ root /var/www/html/ftracker;
+
+ index index.html index.htm;
+
+ location / {
+ # First attempt to serve request as file
+ # If no such file, pass to backend
+ try_files $uri $uri/ $uri.html @api;
+ }
+
+ location @api {
+ include uwsgi_params;
+ # Pass it to the uwsgi server
+ uwsgi_pass unix:///tmp/ftracker.sock;
+ }
+
+ # RIP
+ add_header X-Clacks-Overhead "GNU Terry Pratchett" always;
+
+}
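Review bot: This variant serves the site and the `@api` backend over plain HTTP only, and the deploy config in this commit defines `admin_user`/`admin_pass` for data retrieval, so those credentials would presumably travel unencrypted whenever the image is built without `DOMAIN`. The file should say when that is acceptable; I would add a header comment such as `# Plain-HTTP variant: use only behind a TLS-terminating reverse proxy or on a trusted network.` The Dockerfile's `echo Skipped SSL installation.` could carry the same warning so that it shows up in the build log.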