diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 00000000..7ba3f252
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,55 @@
+FROM python:3.11-bookworm
+#LABEL maintainer="kevin@meredithkm.info"
+
+ARG BUILD=prod
+ARG uwsgi_uid=700
+ARG uwsgi_gid=700
+
+ENV BASEDOMAIN=nsupdate.localdomain
+ENV BUILD=$BUILD
+ENV DATABASE_URL="sqlite:////config/nsupdate.sqlite"
+ENV DJANGO_EMAIL=django@nsupdate.localdomain
+ENV DJANGO_SETTINGS_MODULE=local_settings
+ENV DJANGO_SUPERPASS=S3cr3t
+ENV DJANGO_SUPERUSER_EMAIL="admin@localhost.localdomain"
+ENV DJANGO_SUPERUSER_PASSWORD="admin"
+ENV DJANGO_SUPERUSER_USERNAME="admin"
+ENV DOCKER_CONTAINER=1
+ENV SECRET_KEY=S3cr3t
+ENV SERVICE_CONTACT=hostmaster@nsupdate.localdomain
+ENV UWSGI_INI=/nsupdate/uwsgi.ini
+ENV PYTHONPATH="/nsupdate/src"
+
+RUN mkdir /config
+
+# Install python3 and pip
+RUN DEBIAN_FRONTEND=noninteractive apt update \
+    && apt install -y --no-install-recommends \
+       git 
+RUN  git clone https://github.com/nsupdate-info/nsupdate.info.git /nsupdate \
+  && cd /nsupdate/ \
+  && pip install -r requirements.d/prod.txt \
+  && pip install -e .
+
+COPY local_settings.py.default /nsupdate/src/local_settings.py
+RUN django-admin migrate \
+  && django-admin createsuperuser --noinput
+
+RUN rm -rf /tmp/* /var/tmp/* \
+    && rm -rf /var/lib/apt/lists/*
+
+
+EXPOSE 8000
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
+VOLUME ["/config"]
+
+#ENTRYPOINT ["django-admin", "runserver"]
+#ENTRYPOINT ["python3", "/nsupdate/manage.py", "runserver", "0.0.0.0:8000"]
+ENTRYPOINT ["/docker-entrypoint.sh"]
+#ENTRYPOINT ["tail", "-f", "/dev/null"]
+RUN pip install  django-xff
+RUN pip install whitenoise
+RUN django-admin collectstatic --noinput
diff --git a/docker/Readme.md b/docker/Readme.md
new file mode 100644
index 00000000..8b49eee1
--- /dev/null
+++ b/docker/Readme.md
@@ -0,0 +1,2 @@
+To run locally:
+`docker compose build && docker compose up`
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 00000000..93de4fc1
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,12 @@
+services:
+  nsupdate.info:
+    build: .
+    container_name: nsupdate.info
+    volumes:
+      - ./config:/config
+      - ./local_settings.py:/nsupdate/src/local_settings.py
+    ports:
+      - 8916:8000
+    restart: unless-stopped
+    env_file:
+      - .env_prod
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
new file mode 100644
index 00000000..5e99c176
--- /dev/null
+++ b/docker/docker-entrypoint.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Collect static files
+#echo "Collect static files"
+#python manage.py collectstatic --noinput
+
+# Apply database migrations
+echo "Apply database migrations"
+python3 /nsupdate/manage.py migrate
+python3 /nsupdate/manage.py createsuperuser --noinput
+
+# Start server
+echo "Starting server"
+#python3 /nsupdate/manage.py runserver 0.0.0.0:8000
+cd /nsupdate/src
+#gunicorn --workers=4 --log-level=info --forwarded-allow-ips="$TRUSTED_PROXIES" --bind 0.0.0.0:8000 nsupdate.wsgi
+gunicorn --workers=4 --log-level=info --forwarded-allow-ips='*' --bind 0.0.0.0:8000 nsupdate.wsgi
diff --git a/docker/local_settings.py.default b/docker/local_settings.py.default
new file mode 100644
index 00000000..aa0da461
--- /dev/null
+++ b/docker/local_settings.py.default
@@ -0,0 +1,51 @@
+from nsupdate.settings.prod import *
+
+SECRET_KEY='S3CR3T'
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3',  # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
+        'NAME': '/config/nsupdate.sqlite',               # Or path to database file if using sqlite3.
+        # The following settings are not used with sqlite3:
+        'USER': '',
+        'PASSWORD': '',
+        'HOST': '',             # Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP.
+        'PORT': ''              # Set to empty string for default.
+    }
+}
+
+TIME_ZONE='Europe/Rome'
+
+BASEDOMAIN='dyn.example.com'
+# Create A records for www, ipv4, ipv6 and BASEDOMAIN. 
+# Also setup SSL certs for these SANs on the reverse proxy.
+WWW_HOST = 'www.' + BASEDOMAIN  # a host with a ipv4 and a ipv6 address
+WWW_IPV4_HOST = 'ipv4.' + BASEDOMAIN  # a host with ONLY a ipv4 address
+WWW_IPV6_HOST = 'ipv6.' + BASEDOMAIN  # a host with ONLY a ipv6 address
+ALLOWED_HOSTS = [WWW_HOST, WWW_IPV4_HOST, WWW_IPV6_HOST]
+
+DEBUG=False
+
+MIDDLEWARE = MIDDLEWARE + ('xff.middleware.XForwardedForMiddleware',)
+MIDDLEWARE = MIDDLEWARE + ('whitenoise.middleware.WhiteNoiseMiddleware',)
+
+# The WhiteNoise middleware should be placed directly after the Django 
+# SecurityMiddleware (if you are using it) and before all other middleware
+# BUT it WORKS even if it's the last one ...
+#MIDDLEWARE = (
+#    'django.middleware.security.SecurityMiddleware',
+#    'whitenoise.middleware.WhiteNoiseMiddleware',
+#    'xff.middleware.XForwardedForMiddleware',
+#    'django.middleware.common.CommonMiddleware',
+#    'django.contrib.sessions.middleware.SessionMiddleware',
+#    'django.middleware.locale.LocaleMiddleware',
+#    'django.middleware.csrf.CsrfViewMiddleware',
+#    'django_referrer_policy.middleware.ReferrerPolicyMiddleware',
+#    'django.contrib.auth.middleware.AuthenticationMiddleware',
+#    'django.contrib.messages.middleware.MessageMiddleware',
+#    'social_django.middleware.SocialAuthExceptionMiddleware',
+#    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+#)
+#
+STATIC_ROOT='/nsupdate/static'
+XFF_TRUSTED_PROXY_DEPTH=1