diff --git a/doc/deploying-a-server.md b/doc/deploying-a-server.md
index 74108140717b79fc596aef78724c121aaa10c068..c1e2410c05fbc23a5ec267930a3c4667b0ed3c82 100644
--- a/doc/deploying-a-server.md
+++ b/doc/deploying-a-server.md
@@ -4,7 +4,8 @@
 Make sure you read [getting started](getting-started-as-a-hoster.md) first.
 
 ### Prepare your orchestration data
-* Get a CoreOS server, for instance from [RackSpace](rackspace.com) or [Vultr](vultr.com).
+* Get a CoreOS or Ubuntu server, for instance from [RackSpace](rackspace.com) or [Vultr](vultr.com).
+* If you chose Ubuntu, follow the [Ubuntu-specific](running-on-ubuntu.md) instructions, then continue here.
 * If you didn't add your public ssh key during the order process (e.g. through your IaaS control panel or a cloud-config file),
   scp your laptop's public ssh key (probably in `~/.ssh/id_rsa.pub`) to `.ssh/authorized_keys` for the remote user
   you will be ssh-ing and scp-ing as (the default remote user of our deploy scripts is 'core').
diff --git a/doc/running-on-ubuntu.md b/doc/running-on-ubuntu.md
index ba2d1dd1b283bbc1bcf7a75205a09c5cc3d31139..baf6b59ea773923aa4708f270a3d286259779631 100644
--- a/doc/running-on-ubuntu.md
+++ b/doc/running-on-ubuntu.md
@@ -6,12 +6,13 @@ dpkg-reconfigure -plow unattended-upgrades
 # set unattended upgrades to 'Yes'
 apt-get -y install systemd-sysv git docker.io
 printf '#!/bin/sh\ndocker run --net=host quay.io/coreos/etcd:v0.4.6 /etcdctl $1 $2 $3 $4' > /usr/local/bin/etcdctl
+chmod u+x /usr/local/bin/etcdctl
 printf "[Unit]\nRequires=docker.service\nAfter=docker.service\n[Service]\nRestart=always\n\
 ExecStartPre=-/usr/bin/docker kill etcd\n\
 ExecStartPre=-/usr/bin/docker rm etcd\n\
 ExecStart=/usr/bin/docker run \
   --name etcd \
-  -p 4001:4001 \
+  -p 127.0.0.1:4001:4001 \
   quay.io/coreos/etcd:v0.4.6\n\
 ExecReload=/usr/bin/docker restart etcd\n\
 ExecStop=/usr/bin/docker stop etcd\n\
@@ -29,6 +30,5 @@ etcdctl ls
 etcdctl help
 ````
 
-Be aware that this will expose etcd on port 4001, also on the public IP address, so if you are using this in production the it is very important to block this port on the firewall.
 Now follow the [CoreOS-based instructions](deploying-a-server.md)