diff --git a/.gitignore b/.gitignore
index b25c15b..846d04b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *~
+env
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..bab7ad6
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,24 @@
+services:
+ brewblogger:
+ build: .
+ volumes:
+ - brewblogger-html:/var/www/html
+ env_file: env
+ container_name: brewblogger
+ restart: unless-stopped
+ networks:
+ - www
+ - sql
+
+networks:
+ www:
+ name: www
+ external: true
+ sql:
+ name: sql
+ external: true
+
+volumes:
+ brewblogger-html:
+ name: brewblogger-html
+ external: true
diff --git a/env.example b/env.example
new file mode 100644
index 0000000..2b50e6c
--- /dev/null
+++ b/env.example
@@ -0,0 +1,4 @@
+DB_SCHEMA=brewblogger
+DB_PASSWD=super-secret-password-goes-here
+DB_USER=brewblogger
+DB_HOST=mariadb.sql
diff --git a/nginx-conf b/nginx-conf
new file mode 100644
index 0000000..1a319bf
--- /dev/null
+++ b/nginx-conf
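Review bot: In docker-compose.yml the service joins the shared external `www` network, and nginx-conf in this commit reaches it with `fastcgi_pass brewblogger.www:9000`, so the PHP-FPM port is presumably reachable by every container attached to `www`, not only by nginx. FastCGI has no authentication of its own, so it is worth either giving nginx and this service a dedicated network or restricting the FPM pool with `listen.allowed_clients`; the same question applies to whatever else shares `sql`. Separately, `env_file: env` places DB_PASSWD in the container environment, where it is visible through `docker inspect` and inherited by child processes. If the image can read the password from a file, a Compose `secrets:` entry would keep it out of the environment; otherwise the `env` file should at least be readable only by the deploying user.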
@@ -0,0 +1,48 @@
+server
+{
+ listen 80;
+ listen [::]:80;
+ server_name www.beerandloafing.org;
+ return 301 https://$server_name$request_uri;
+}
+
+server
+{
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name www.beerandloafing.org;
+ include /etc/nginx/conf.d/ssl.inc;
+ root /var/www/brewblogger;
+
+ index index.php;
+
+ # add_header X-Frame-Options "SAMEORIGIN" always;
+ # add_header X-XSS-Protection "1; mode=block" always;
+ # add_header X-Content-Type-Options "nosniff" always;
+ # add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ # add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+ # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ # enable strict transport security only if you understand the implications
+
+ location /
+ {
+ try_files $uri $uri/ /index.php?$args;
+ }
+
+ location ~ [^/]\.php(/|$)
+ {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ if (!-f $document_root$fastcgi_script_name)
+ {
+ return 404;
+ }
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
+
+ fastcgi_pass brewblogger.www:9000;
+ fastcgi_index index.php;
+ }
+}
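Review bot: The `if (!-f $document_root$fastcgi_script_name)` guard tests the path under `root /var/www/brewblogger`, while PHP-FPM is handed `SCRIPT_FILENAME /var/www/html$fastcgi_script_name`, so the check only holds if both paths are the same `brewblogger-html` volume mounted in two places. A comment above the `root` line, e.g. `# same volume as /var/www/html in the brewblogger container; the -f check in the PHP location depends on it`, would stop a later mount change from silently weakening the guard. Every `add_header` line is commented out; `X-Content-Type-Options "nosniff"` and `X-Frame-Options "SAMEORIGIN"` are low-risk to enable as written, whereas the CSP line (`default-src *` with `'unsafe-inline'` and `'unsafe-eval'`) would restrict very little even if enabled. `location /` also serves every non-PHP file under the root as static content, so a `location ~ /\. { deny all; }` block is worth adding if the volume can ever hold dotfiles or backup copies.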