diff --git a/Dockerfile b/Dockerfile
index 787df90..e43c154 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,8 +9,8 @@ ARG PIP_TRUSTED_HOST=127.0.0.1
 ENV DEVPI_VERSION $DEVPI_VERSION
 
 RUN NO_PROXY=$PIP_TRUSTED_HOST pip --trusted-host $PIP_TRUSTED_HOST install -i $PIP_INDEX_URL --upgrade \
-  "devpi-client>=2.3.0,<2.4" \
-  "devpi-server==$DEVPI_VERSION"
+    "devpi-client>=2.3.0,<2.4" \
+    "devpi-server==$DEVPI_VERSION"
 
 EXPOSE 3141
 VOLUME /data
diff --git a/README.md b/README.md
index 5e5e489..78909ed 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,76 @@
 docker-devpi
 ============
 
-Dockerfile for devpi pypi server
+This repository contains a Dockerfile for [devpi pypi server](http://doc.devpi.net/latest/).
 
-http://doc.devpi.net/latest/
+You can use this container to speed up the `pip install` parts of your docker builds. This is done by adding an optional cache of your requirement python packages and speed up docker. The outcome is faster development without breaking builds.
+
+# Getting started
+
+## Installation
+
+`docker pull muccg/docker-devpi`
+
+## Quickstart
+
+Start using
+
+```bash
+docker run -d --name devpi \
+    --publish 3141:3141 \
+    --volume /srv/docker/devpi:/data \
+    --env=DEVPI_PASSWORD=changemetoyourlongsecret \
+    --restart always \
+    muccg/docker-devpi
+```
+
+*Alternatively, you can use the sample [docker-compose.yml](docker-compose.yml) file to start the container using [Docker Compose](https://docs.docker.com/compose/)*
+
+Please set DEVPI_PASSWORD to a secret otherwise an attacker can *execute arbitrary code*.
+
+## Client side usage
+
+To use this devpi cache to speed up your dockerfile builds, add use the code below in your dockerfiles. This will add the devpi container an optional cache for pip. The docker containers will try using port 3141 on the docker host first and fall back on the normal pypi servers without breaking the build.
+
+```Dockerfile
+# Install netcat for ip route
+RUN apt-get update \
+ && apt-get install -y netcat \
+ && rm -rf /var/lib/apt/lists/*
+
+ # Use an optional pip cache to speed development
+RUN export HOST_IP=$(ip route| awk '/^default/ {print $3}') \
+ && mkdir -p ~/.pip \
+ && echo [global] >> ~/.pip/pip.conf \
+ && echo extra-index-url = http://$HOST_IP:3141/app/dev/+simple >> ~/.pip/pip.conf \
+ && echo [install] >> ~/.pip/pip.conf \
+ && echo trusted-host = $HOST_IP >> ~/.pip/pip.conf \
+ && cat ~/.pip/pip.conf
+```
+
+## Uploading python packages files
+
+You need to upload your python requirement to get any benefit from the devpi container. You can upload them using the bash code below a similar build environment.
+
+```bash
+pip wheel --download=packages --wheel-dir=wheelhouse -r requirements.txt
+pip install "devpi-client>=2.3.0" \
+&& export HOST_IP=$(ip route| awk '/^default/ {print $3}') \
+&& if devpi use http://$HOST_IP:3141>/dev/null; then \
+       devpi use http://$HOST_IP:3141/root/public --set-cfg \
+    && devpi login root --password=$DEVPI_PASSWORD  \
+    && devpi upload --from-dir --formats=* ./wheelhouse ./packages; \
+else \
+    echo "No started devpi container found at http://$HOST_IP:3141"; \
+fi
+```
+
+# Persistence
+
+For devpi to preserve its state across container shutdown and startup you should mount a volume at `/data`. The quickstart command already includes this.
+
+# Security
+
+Devpi creates a user named root by default, its password should be set with DEVPI_PASSWORD environment variable. Please set it, otherwise attackers can *execute arbitrary code* in your application by uploading modified packages.
+
+For additional security the argument `--restrict-modify root` has been added so only the root may create users and indexes.
diff --git a/build.sh b/build.sh
index 6a0f2ac..c242cec 100755
--- a/build.sh
+++ b/build.sh
@@ -22,7 +22,6 @@ DEVPI_VERSION="2.5.3"
 
 image="${REPO}/devpi"
 echo "################################################################### ${image}"
-        
 ## warm up cache for CI
 docker pull ${image} || true
 
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..bcde2c2
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,9 @@
+devpi:
+  image: muccg/docker-devpi
+  volumes:
+    - /srv/docker/devpi:/data
+  ports:
+    - 3141:3141
+  environment:
+    - DEVPI_PASSWORD=
+  restart: always
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 6344e4a..6060285 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -12,7 +12,7 @@ function defaults {
 
 function initialise_devpi {
     echo "[RUN]: Initialise devpi-server"
-    devpi-server --start --host 127.0.0.1 --port 3141
+    devpi-server --restrict-modify root --start --host 127.0.0.1 --port 3141
     devpi-server --status
     devpi use http://localhost:3141
     devpi login root --password=''
@@ -30,7 +30,7 @@ if [ "$1" = 'devpi' ]; then
     fi
 
     echo "[RUN]: Launching devpi-server"
-    devpi-server --host 0.0.0.0 --port 3141 2>&1 | tee /data/server/devpi.log
+    devpi-server --restrict-modify root --host 0.0.0.0 --port 3141 2>&1 | tee /data/server/devpi.log
     exit $?
 fi