From 108bf84ebb9d4bfd7273491c6ddecbc64a1aa08a Mon Sep 17 00:00:00 2001
From: Louis Poinsignon
Date: Thu, 11 Apr 2019 14:25:14 -0700
Subject: [PATCH] Docker and documentation update: Updated README with more details on Docker and SSH When creating a Docker container, generates an ECDSA key for SSH
---
 Dockerfile.gortr | 6 ++++++
 Dockerfile.gortr.prod | 6 ++++++
 README.md | 31 +++++++++++++++++++++++++++++++
 3 files changed, 43 insertions(+)
diff --git a/Dockerfile.gortr b/Dockerfile.gortr
index 8df9eba..0b32372 100644
--- a/Dockerfile.gortr
+++ b/Dockerfile.gortr
@@ -11,6 +11,11 @@ COPY . .
 RUN go build cmd/gortr/gortr.go
+FROM alpine:latest as keygen
+
+RUN apk --update --no-cache add openssl
+RUN openssl ecparam -genkey -name prime256v1 -noout -outform pem > private.pem
+
 FROM alpine:latest
 ARG src_dir
@@ -19,4 +24,5 @@ RUN apk --update --no-cache add ca-certificates && \
 USER rtr
 COPY --from=builder ${src_dir}/gortr ${src_dir}/cmd/gortr/cf.pub /
+COPY --from=keygen /private.pem /private.pem
 ENTRYPOINT ["./gortr"]
diff --git a/Dockerfile.gortr.prod b/Dockerfile.gortr.prod
index 0484798..a7c90df 100644
--- a/Dockerfile.gortr.prod
+++ b/Dockerfile.gortr.prod
@@ -6,6 +6,11 @@ ARG src_uri
 RUN apk --update --no-cache add git && \
 go get -u $src_uri
+FROM alpine:latest as keygen
+
+RUN apk --update --no-cache add openssl
+RUN openssl ecparam -genkey -name prime256v1 -noout -outform pem > private.pem
+
 FROM alpine:latest
 ARG src_uri
@@ -15,4 +20,5 @@ USER rtr
 COPY --from=builder /go/bin/gortr /
 COPY cmd/gortr/cf.pub /
+COPY --from=keygen /private.pem /private.pem
 ENTRYPOINT ["./gortr"]
diff --git a/README.md b/README.md
index 44a94bb..fe8a4c1 100644
--- a/README.md
+++ b/README.md
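Review bot: The keygen stage in Dockerfile.gortr (`RUN openssl ecparam -genkey ... > private.pem`, repeated verbatim in Dockerfile.gortr.prod) creates the SSH private key at build time, so it is stored in an image layer and every container started from that image, and anyone able to pull it, shares the same key. With layer caching a rebuild can also reuse the cached keygen layer, so rebuilding does not reliably rotate the key. It would be safer to ship no key and have the entrypoint create one on first start when /private.pem is absent, or to require a mounted key whenever SSH is enabled. If the baked-in key stays, add a comment above the stage such as `# Test-only SSH key: stored in the image and identical in every container; mount a real key over /private.pem`.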
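Review bot: In the second Dockerfile.gortr hunk, `COPY --from=keygen /private.pem /private.pem` sits after `USER rtr`, but COPY does not follow USER, so the key is written as root-owned with whatever mode the shell redirection gave it in the keygen stage (presumably 0644 under the usual umask). A private key should be readable only by the account that uses it: `COPY --from=keygen --chown=rtr --chmod=0400 /private.pem /private.pem` (`--chmod` needs BuildKit), assuming the `rtr` account is created earlier in this stage, which the hunk does not show. The same line is added in Dockerfile.gortr.prod. The final stage begins outside this hunk.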
@@ -42,6 +42,37 @@ $ git clone git@github.com:cloudflare/gortr.git && cd gortr
 $ go build cmd/gortr/gortr.go
 ```
+## With Docker
+
+If you do not want to use Docker, please go to the next section.
+
+If you have **Docker**, you can start GoRTR with `docker run -ti -p 8082:8082 cloudflare/gortr`.
+The containers contains Cloudflare's public signing key and an testing ECDSA private
+key for the SSH server.
+
+It will automatically download Cloudflare's prefix list and use the public key
+to validate it.
+
+You can now use any CLI attributes as long as they are after the image name:
+```bash
+$ docker run -ti -p 8083:8083 cloudflare/gortr -bind :8083
+```
+
+If you want to build your own image of GoRTR:
+```bash
+$ docker build -t mygortr -f Dockerfile.gortr.prod .
+$ docker run -ti mygortr -h
+```
+It will download the code from GitHub and compile it with Go and also generate an ECDSA key for SSH.
+
+Please note: if you plan to use SSH with Cloudflare's default container (`cloudflare/gortr`),
+replace the key `private.pem` since it is a testing key that has been published.
+An example is given below:
+
+```bash
+$ docker run -ti -v $PWD/mynewkey.pem:/private.pem cloudflare/gortr -ssh.bind :8083
+```
+
 ## Install it
 ```bash