diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..5fde600
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+.git
+_build
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..097b564
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM ocaml/opam:debian-8_ocaml-4.03.0
+RUN sudo apt-get install -y m4 libxen-dev
+RUN opam install -y vchan xen-gnt mirage-xen-ocaml mirage-xen-minios io-page mirage-xen mirage
+RUN opam pin add -n -y mirage-nat 'https://github.com/talex5/mirage-nat.git#simplify-checksum'
+RUN mkdir /home/opam/qubes-mirage-firewall
+ADD config.ml /home/opam/qubes-mirage-firewall/config.ml
+WORKDIR /home/opam/qubes-mirage-firewall
+RUN opam config exec -- mirage configure --xen
+CMD opam config exec -- mirage configure --xen --no-opam && \
+ opam config exec -- make tar
diff --git a/README.md b/README.md
index a62ed36..2fc182a 100644
--- a/README.md
+++ b/README.md
@@ -7,11 +7,25 @@ Note: This firewall *ignores the rules set in the Qubes GUI*. See `rules.ml` for
 See [A Unikernel Firewall for QubesOS][] for more details.
+## Build (with Docker)
+
+Clone this Git repository and run the `build-with-docker.sh` script:
+
+ sudo yum install docker
+ sudo systemctl start docker
+ git clone https://github.com/talex5/qubes-mirage-firewall.git
+ cd qubes-mirage-firewall
+ ./build-with-docker.sh
+
+This took about 10 minutes on my laptop (it will be much quicker if you run it again).
+
+## Build (without Docker)
+
 To build (tested by creating a fresh Fedora 23 AppVM in Qubes):
 1. Install build tools:
- sudo yum install git gcc m4 0install patch ncurses-devel
+ sudo yum install git gcc m4 0install patch ncurses-devel tar bzip2 unzip make which findutils xen-devel
 mkdir ~/bin
 0install add opam http://tools.ocaml.org/opam.xml
 opam init --comp=4.02.3
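Review bot: In the Dockerfile hunk, the `opam pin add` line tracks the mutable branch `simplify-checksum`, so the NAT code compiled into the firewall is whatever that branch holds at build time and two builds of the same commit can differ; pinning to a commit, `RUN opam pin add -n -y mirage-nat 'https://github.com/talex5/mirage-nat.git#<commit-sha>'`, makes the dependency reviewable. The same applies to the base image, which is referenced by tag only (`ocaml/opam:debian-8_ocaml-4.03.0`) and could be fixed with an `@sha256:<digest>` suffix. Separately, `RUN sudo apt-get install -y m4 libxen-dev` relies on whatever package lists the base image shipped; `RUN sudo apt-get update && sudo apt-get install -y --no-install-recommends m4 libxen-dev` in one layer avoids stale or missing indexes. The `ADD config.ml …` line copies a plain local file and can be `COPY`.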
@@ -29,6 +43,8 @@ To build (tested by creating a fresh Fedora 23 AppVM in Qubes):
 mirage configure --xen
 make
+## Deploy
+
 If you want to deploy manually, use `make tar` to create `mirage-firewall.tar.bz2` and unpack this in dom0, inside `/var/lib/qubes/vm-kernels/`. e.g. (if `dev` is the AppVM where you built it):
 [tal@dom0 ~]$ cd /var/lib/qubes/vm-kernels/
diff --git a/build-with-docker.sh b/build-with-docker.sh
new file mode 100755
index 0000000..31f85f4
--- /dev/null
+++ b/build-with-docker.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+set -eux
+docker build -t qubes-mirage-firewall .
+docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall
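Review bot: In build-with-docker.sh, the command substitution for the current directory in the `-v` argument is unquoted, so a checkout path containing whitespace is word-split and the mount fails or points somewhere else; `docker run --rm -i -v "$(pwd)":/home/opam/qubes-mirage-firewall qubes-mirage-firewall` avoids that. The bind mount is read-write and covers the whole checkout, `.git` included (`.dockerignore` only filters the build context), so everything the image runs at build time, including the opam packages and the branch-pinned mirage-nat, can modify the host working tree. A comment such as `# container gets write access to the entire checkout; output lands in the current directory` would make that trust boundary explicit. Files written through the mount will presumably carry the container user's UID, which may need to match the host user for the build to succeed; that is worth confirming and noting in the README.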