diff --git a/.gitignore b/.gitignore
index 1232ddb..00cff3b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,4 @@ arena/r*
gonito-*.tar.gz
stack.yaml.lock
.env
+certs/
diff --git a/README.md b/README.md
index 2ba21e5..fddc762 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,8 @@ See the home page (and an instance of Gonito) at https://gonito.net .
Installation
------------
+## For development
+
[Gonito](https://gonito.net) is written in [Haskell](https://www.haskell.org) and uses
[Yesod Web Framework](http://www.yesodweb.com/), but all you need is
just [the Stack tool](https://github.com/commercialhaskell/stack). See https://github.com/commercialhaskell/stack
@@ -39,6 +41,33 @@ After installing Stack:
The last command will start the Web server with Gonito (go to
http://127.0.0.1:3000 in your browser).
+## With docker-compose
+
+The easiest way to run Gonito is with docker-compose.
+
+ git clone https://gitlab.com/filipg/gonito
+ cd gonito
+ cp sample.env .env
+ # now you need to edit .env manually,
+ # in particular, you need to set up the administrator's
+ # password and paths to volumes for the volumes,
+ # cloned data ("arena"), certificates and SSH data;
+ # also you need to set up your certificate
+ # here is an easy way to do it just for local
+ # testing
+ mkdir certs
+ cd certs
+ # generating certificates for HTTPS, remember to
+ # set the `NGINX_CERTIFICATE_DIR` variable in `.env`
+ # so that it would point to `certs` here
+ openssl req -x509 -newkey rsa:4096 -keyout privkey.pem -out fullchain.pem -days 365 -nodes
+ cd ..
+ docker-compose up
+
+Gonito will be available at . Of course, your
+browser will complain about "Potential Security Risk" as these are
+local certificates.
+
Gonito & git
------------
diff --git a/config/settings.yml b/config/settings.yml
index e967a79..1aacbfc 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -66,7 +66,7 @@ location: "_env:LOCATION:"
#
# https:///auth/realms//protocol/openid-connect/certs
#
-# (key/0 element).
+# (key/0 element, not the whole JSON!).
#
# Note: at the moment, only RS256 is handled.
json-web-key: "_env:JSON_WEB_KEY"
diff --git a/sample.env b/sample.env
index e6cf5c9..54f8ad7 100644
--- a/sample.env
+++ b/sample.env
@@ -11,4 +11,14 @@ NGINX_CERTIFICATE_DIR=/home/user/certs
GONITO_IS_PUBLIC=true
GONITO_SSH_DIRECTORY=/home/user/.ssh
GONITO_VIEWING_PROGRESS_STYLE=with-web-sockets
+
+# JWK key
+#
+# If you use Keycloak, it can be retrived via:
+#
+# https:///auth/realms//protocol/openid-connect/certs
+#
+# (key/0 element, not the whole JSON!).
+#
+# Note: at the moment, only RS256 is handled.
JSON_WEB_KEY={"kty":"RSA", "alg":"RS256", "use":"sig", "kid":"h01jmt_bD-1Di8i_GYbEV2a4NxhptzySHO-R8VuNHVA", "e":"AQAB", "n": "qG1elE6KPW3BYMxNpgK73MoksvbrUSfpRY4z9hU5iMsJREyD5Ar6XpjM1xAr6G7xglnOoumPC9o6FqhDHihm6QdJ5s5MA9ZyGkbi--kvy9Qc2d_VIGU-UR4vwyk3hAwXOFLhoknpQrJBJmMQvGFdas1Yr-m9EIWwT1zN7neHZkRUYZSVyQw_XghtMIWAUsLnhr6mM7nstHLafgxe5Qamzuc4K5EC_qipFXu4ugYkMDnaknlhkT43m7tcduVDnv5GV_4dBesF7FRII8tgUQWyw3Ty_FIoq43SInUPU_9cxA-qPGQz5C50th2aJl1z1snpLWS_1Zfsa8lnFsMj8_oh6w"}
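Review bot: The last added line ships a concrete RS256 public key as the default `JSON_WEB_KEY`, and the README's `cp sample.env .env` step copies it straight into a live configuration. This value is presumably the trust anchor for verifying JWT signatures, so an instance left on the default would accept tokens signed by whoever holds the matching private key. I would comment the line out and use obvious placeholders, e.g. `# JSON_WEB_KEY={"kty":"RSA","alg":"RS256","use":"sig","kid":"<your-kid>","e":"AQAB","n":"<your-modulus>"}`, and say in the comment block that it must be replaced with the key from your own identity provider. Separately, "retrived" should read "retrieved", and the Keycloak URL in the comment seems to be missing its host and realm placeholders (the same applies to the copy in `config/settings.yml`).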