diff --git a/README.md b/README.md
index 3ecbce2..744b4dd 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,33 @@ Among other things these tweaks are included :
- inclusion of tzdata for time setup
- ## Docker image
+## Docker image
+
+### Usage
+
+Since this is just a base image, some additional setup is needed.
+The following is just an example of how your Dockerfile could look like.
+
+```sh
+# Password for the certificate
+# this image contains the entire .NET SDK and is ideal for creation the build
+FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS build-env
+WORKDIR /App
+COPY . ./
+# Restore dependencies for your application
+RUN dotnet restore
+# Build your application
+RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false
+
+FROM git.claeyscloud.com/david/net-base:latest
+WORKDIR /App
+# copy build files from build-stage
+COPY --from=build-env /App/out .
+# change ownership of files to the app user
+RUN chown -R app:app /App/
+# entrypoint for image
+ENTRYPOINT ["dotnet", "test.dll"]
+```
### Environment Variables
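Review bot: the build stage in the example uses `mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64`, while the table further down this README lists 9.0.3 as the default `DOTNET_RUNTIME_VERSION`. A framework-dependent publish (`--self-contained false`) from the 8.0 SDK can target at most .NET 8, which does not start on a 9.0 runtime unless roll-forward is configured. If the published base image is built with that default, the example should use a matching 9.0 SDK tag or state which base tag it is meant for. The first comment in the block, `# Password for the certificate`, has nothing following it and should be dropped, and the fence would be better tagged `dockerfile` than `sh`. Smaller points: `COPY --from=build-env --chown=app:app /App/out .` would replace the separate `RUN chown` layer, and pinning the `net-base` image to a version tag instead of `latest` keeps builds reproducible.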
@@ -43,35 +69,9 @@ docker build --build-arg CERT_PASSWORD=supersecretpassword . -t net-base
| DOTNET_RUNTIME_VERSION | The [runtime](https://mcr.microsoft.com/en-us/artifact/mar/dotnet/aspnet/tags) version used as a base | 9.0.3 |
| ALPINE_VERSION | The version of [alpine linux](https://www.alpinelinux.org/) used as a base
Currently you can choose between `3.20` or `3.21` | 3.21 |
-### Usage
+## Security implications
-Since this is just a base image, some additional setup is needed.
-The following is just an example of how your Dockerfile could look like.
-
-```sh
-# Password for the certificate
-# this image contains the entire .NET SDK and is ideal for creation the build
-FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS build-env
-WORKDIR /App
-COPY . ./
-# Restore dependencies for your application
-RUN dotnet restore
-# Build your application
-RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false
-
-FROM git.claeyscloud.com/david/net-base:latest
-WORKDIR /App
-# copy build files from build-stage
-COPY --from=build-env /App/out .
-# change ownership of files to the app user
-RUN chown -R app:app /App/
-# entrypoint for image
-ENTRYPOINT ["dotnet", "test.dll"]
-```
-
-### Security implications
-
-#### Webserver and certificates
+### Webserver and certificates
This images uses the system provided by Microsoft to generate a development certificate and uses the [Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/?view=aspnetcore-9.0&tabs=windows) webserver.
In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.
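Review bot: with "Security implications" promoted to a top-level section, the unchanged paragraph under "### Webserver and certificates" becomes more prominent, yet it still reads "This images uses" and "if you want so". Its statement that Microsoft now allows exposing Kestrel directly also has no link to the guidance it refers to. Suggest fixing the wording in this same change and linking that sentence to the Microsoft documentation it relies on, so readers can check the conditions under which direct exposure is supported.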
@@ -87,3 +87,9 @@ The certificate included by default (generated through the _dotnet dev-certs_ co
In practice it's much easier to expose the server through a proxy to the public (hence the recommended method).
Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation.
+### Included certificate
+
+The included certificate is generated through the _dotnet dev-certs_ command. This is very convenient and suitable way to generated development certificates through the dotnet SDK.
+The password used to generate the certificate is randomly generated through the `openssl rand -base64 12` at build time.
+The build agent used for the build is hosted on my own infrastructure but I don't have any access to it (neither do I intend to do so).
+However if you feel uncomfortable with this fact, feel free to build the image yourself.
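Review bot: the new "Included certificate" text says the password comes from `openssl rand -base64 12` at build time, but the build command visible in the previous hunk header passes `--build-arg CERT_PASSWORD=supersecretpassword`. The section should say whether the random value applies only to the published image and whether the build argument overrides it. Since the certificate is generated at build time and shipped inside the image, it is also worth stating that every consumer of the published image receives the same certificate and key, so it is suitable for development only and should be replaced for anything else. The sentence "hosted on my own infrastructure but I don't have any access to it" reads as contradictory and needs rewording to say what is actually meant (for example, that the build runs unattended). The hunk header shows the README already states that the certificate is generated through _dotnet dev-certs_, so the first added sentence repeats it. It also has typos: "very convenient and suitable way to generated" should be "a very convenient and suitable way to generate", and "through the `openssl rand -base64 12`" is missing the word "command".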