diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..54c4d0d
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,30 @@
+version: '3.8'
+
+services:
+  step-admin:
+    # Use the remote Git repository directly as build context
+    build: https://gitea.qxy1828.com/chaos/step-web.git#main
+    image: step-admin:latest
+    container_name: step-admin
+    restart: unless-stopped
+    ports:
+      - "3000:3000"
+    environment:
+      - NODE_ENV=production
+      # Update these credentials for production!
+      - APP_ADMIN_USERNAME=admin
+      - APP_ADMIN_PASSWORD_HASH=ChangeThisPassword123
+      - APP_SESSION_SECRET=MySuperSecretSessionKey
+      
+      # Step CA integration settings
+      - STEP_CONTEXT=internal-ca
+      - STEP_CA_URL=https://ca.local:8443
+      
+      # Path mapping inside container (defaulted in Dockerfile)
+      - STEP_BIN=/usr/bin/step
+      - STEP_OUTPUT_DIR=/app/data/certs
+    volumes:
+      # Persist SQLite databases and Certificates to local folder './step-data'
+      - ./step-data:/app/data
+      # Optional: Mount your step-ca root_ca.crt if validation fails:
+      # - /path/to/host/root_ca.crt:/var/lib/step-ca/certs/root_ca.crt:ro