diff --git a/data/server-wide/haproxy/crt-list b/data/server-wide/haproxy/crt-list
new file mode 100644
index 0000000000000000000000000000000000000000..22f74ba61613e4021c9f3a51f576a094be58f9a3
--- /dev/null
+++ b/data/server-wide/haproxy/crt-list
@@ -0,0 +1,6 @@
+  
+/etc/haproxy/approved-certs/michielbdejong.com.pem michielbdejong.com
+/etc/haproxy/approved-certs/michielbdejong.com.pem www.michielbdejong.com
+  
+/etc/haproxy/approved-certs/otherdomain.com.pem otherdomain.com
+/etc/haproxy/approved-certs/otherdomain.com.pem www.otherdomain.com
diff --git a/data/server-wide/haproxy/haproxy.cfg b/data/server-wide/haproxy/haproxy.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..51af0e001cb04c3f6077fd47d0463cee6f3c79a4
--- /dev/null
+++ b/data/server-wide/haproxy/haproxy.cfg
@@ -0,0 +1,44 @@
+global
+  maxconn 4096
+  user haproxy
+  group haproxy
+
+defaults
+  mode http
+  option forwardfor
+  option httpclose
+  option httplog
+  option dontlognull
+  retries 3
+  timeout connect 5000
+  timeout client 50000
+  timeout server 50000
+
+frontend https-in
+mode http
+  bind *:443 ssl crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/default.pem
+  reqadd X-Forwarded-Proto:\ https
+    
+# otherdomain.com:
+  acl https_otherdomain.com hdr(host) -i otherdomain.com
+  acl https_otherdomain.com hdr(host) -i www.otherdomain.com
+  use_backend otherdomain.com if https_otherdomain.com
+    
+# michielbdejong.com:
+  acl https_michielbdejong.com hdr(host) -i michielbdejong.com
+  acl https_michielbdejong.com hdr(host) -i www.michielbdejong.com
+  use_backend michielbdejong.com if https_michielbdejong.com
+  
+frontend http-in
+  bind *:80
+  redirect scheme https code 301
+  
+# michielbdejong.com:
+backend michielbdejong.com
+  cookie SERVERID insert nocache indirect
+  server Server michielbdejong.com-backend:80 cookie Server
+  
+# otherdomain.com:
+backend otherdomain.com
+  cookie SERVERID insert nocache indirect
+  server Server otherdomain.com-backend:80 cookie Server
diff --git a/data/server-wide/haproxy/runme.sh b/data/server-wide/haproxy/runme.sh
new file mode 100755
index 0000000000000000000000000000000000000000..e5f71144e79d01cf7c40abaa6c691aed0079806c
--- /dev/null
+++ b/data/server-wide/haproxy/runme.sh
@@ -0,0 +1,5 @@
+docker rm haproxy
+docker run -d --restart=always --name haproxy -v $(pwd):/etc/haproxy -p 80:80 -p 443:443 \
+  --link michielbdejong.com:michielbdejong.com-backend \
+  --link otherdomain.com:otherdomain.com-backend \
+  indiehosters/haproxy
diff --git a/data/server-wide/postfix/runme.sh b/data/server-wide/postfix/runme.sh
new file mode 100755
index 0000000000000000000000000000000000000000..c42251abb979561c8213461553373f0a16100d56
--- /dev/null
+++ b/data/server-wide/postfix/runme.sh
@@ -0,0 +1,2 @@
+docker rm postfix
+docker run -d --name postfix -v $(pwd):/data -p 25:25 indiehosters/postfix-forwarder
diff --git a/doc/using-just-docker-and-bash.md b/doc/using-just-docker-and-bash.md
index 5af6d9675e3b74dd5cb9a543dea53cf872e2fa7b..6a48556a0e149a47badbf2ce57383561fb96d423 100644
--- a/doc/using-just-docker-and-bash.md
+++ b/doc/using-just-docker-and-bash.md
@@ -6,19 +6,25 @@ Given that CoreOS is not available everywhere, and the Ubuntu 14.10 setup with e
 I'll try if I can run all our services (postfix-forwarder, haproxy, and the various web backend containers) on an off-the-shelf Ubuntu server.
 Note that not all servers support Docker, because of kernel modules etcetera; of the images I tried at Gandi, only the Ubuntu 12.04-64 one
 allowed me to actually run `docker ps`, and even on there, I was not able to run `docker run debian apt-get update` because from the looks
-of it, containers are not allowed to contact the outside world. In the end I got an Ubuntu 14.10 server at Rackspace.
-Note that about 5GB of disk space will be used, and when running multiple sites, 1Gb of RAM is probably also well-spent.
+of it, containers are not allowed to contact the outside world. In the end I got a Debian 7.6 server at Linode.
+Note that about 5GB of disk space will be used, and when running multiple sites, 2Gb of RAM is probably also well-spent.
 Here's what I did to prepare the server:
 
 ````bash
 apt-get update && apt-get -y upgrade
-apt-get -y install unattended-upgrades docker.io git
+apt-get -y install unattended-upgrades git
 
 dpkg-reconfigure -plow unattended-upgrades
 # set unattended upgrades to 'Yes'
 
 ssh-keygen -t rsa
 # select all the defaults by hitting <enter> repeatedly
+
+# Install Docker:
+curl -sSL https://get.docker.com/ | sh
+
+# In this case I also had to:
+/etc/init.d/exim stop
 ````
 
 Test your server by running `docker run debian apt-get update` (there should be no 'could not resolve' errors).
@@ -32,7 +38,7 @@ git clone git@bu25:haproxy
 cd haproxy; ./runme.sh; cd ..
 ````
 
-TODO: document how to create and update such postfix and haproxy migration archives.
+These 'postfix' and 'haproxy' repos with their `runme.sh` files look like the samples in the `data/` folder of this repo.
 
 And then for each domain I host:
 
@@ -41,8 +47,21 @@ git clone git@bu25:michielbdejong.com
 cd michielbdejong.com; ./runme.sh; cd ..
 ````
 
-TODO: document how to create and update such web app migration archives.
+These domain repos look quite similar to the IndieHosters migration format, except that there is a `runme.sh` file in there,
+as follow:
+
+````
+docker rm michielbdejong.com
+docker run -d --restart=always --name michielbdejong.com -v $(pwd):/data indiehosters/lamp-git
+docker inspect -f {{.NetworkSettings.IPAddress}} michielbdejong.com
+````
+
+And furthermore, the dump.sql file includes the 'mysql' database as well as the 'known' database, so that the local 'root' user
+is created, and the php files of Known 0.6.5 are included (will iron out that difference when switching from generic lamp-git
+image to specific Known image).
 
-Now the only thing you need to do is to get each backend IP address from `docker inspect michielbdejong.com` and edit `/data/haproxy/haproxy.cfg` with the correct IP address.
+Now the only thing you need to be careful with is to start haproxy *after* starting the backends, otherwise the container linking
+doesn't work. This means reboots are not actually safe, and also, at the time of writing, hourly backups are not working yet in the
+lamp-git image, so be aware that this is a work in progress. :)
 
-The idea of this setup would be to eventually make the migration format support both single-tennant and multi-tennant setups out of the box, but for now, the per-user migration archives are just the haproxy backends, and does not include the postfix, haproxy, DNS, and DNR data.
+The idea of this setup would be to eventually support the migration format in a programmatic way.