diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3809880
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,24 @@
+FROM node:20-slim
+RUN apt update && apt install curl -y
+
+RUN useradd --create-home -u 4820 dht-prometheus
+
+# Should not be changed (target loc of a volume)
+ENV DHT_PROM_PROMETHEUS_TARGETS_LOC=/home/dht-prometheus/prometheus/targets.json
+
+COPY package-lock.json /home/dht-prometheus/
+COPY node_modules /home/dht-prometheus/node_modules
+COPY package.json /home/dht-prometheus/
+COPY run.js /home/dht-prometheus/
+COPY index.js /home/dht-prometheus/
+COPY LICENSE /home/dht-prometheus/
+COPY NOTICE /home/dht-prometheus/
+COPY lib /home/dht-prometheus/lib
+
+USER dht-prometheus
+
+RUN mkdir /home/dht-prometheus/prometheus
+
+WORKDIR /home/dht-prometheus
+
+ENTRYPOINT ["node", "/home/dht-prometheus/run.js"]
diff --git a/README.md b/README.md
index 6fc7df4..0b4b65f 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,18 @@ The DHT-prometheus service fulfils two complementary roles:
### Run
+#### Docker
+
+```
+docker run --network host --env DHT_PROM_SHARED_SECRET= --mount type=bind,source=/etc/prometheus/config/prometheus-dht-targets,destination=/home/dht-prometheus/prometheus
+```
+
+The intent is for the prometheus service to read its config from a read-only bind mount to `/etc/prometheus/config`, and for its config file to reference `./prometheus-dht-targets/targets.json`
+
+Note: `/etc/prometheus/config/prometheus-dht-targets` should be writable by the container's user.
+
+#### CLI
+
```
DHT_PROM_PROMETHEUS_TARGETS_LOC=path/to/prometheus/targets.json DHT_PROM_HTTP_PORT=30000 DHT_PROM_SHARED_SECRET= dht-prometheus
```