diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..f367822f
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+*
+!blueocean-commons/target/blueocean-commons.hpi 
+!blueocean-dashboard/target/blueocean-dashboard.hpi 
+!blueocean-plugin/target/blueocean-plugin.hpi 
+!blueocean-rest/target/blueocean-rest.hpi 
+!blueocean-web/target/blueocean-web.hpi 
+!docker-demo/
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..511d29d1
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,32 @@
+FROM jenkinsci/jenkins:latest
+
+COPY blueocean-commons/target/blueocean-commons.hpi /usr/share/jenkins/ref/plugins/
+COPY blueocean-dashboard/target/blueocean-dashboard.hpi /usr/share/jenkins/ref/plugins/
+COPY blueocean-plugin/target/blueocean-plugin.hpi /usr/share/jenkins/ref/plugins/
+COPY blueocean-rest/target/blueocean-rest.hpi /usr/share/jenkins/ref/plugins/
+COPY blueocean-web/target/blueocean-web.hpi /usr/share/jenkins/ref/plugins/
+
+USER root
+
+RUN cd /usr/share/jenkins/ref/plugins/; \
+	install-plugins.sh blueocean-commons \
+                       blueocean-dashboard \
+                       blueocean-plugin \
+                       blueocean-rest \
+                       blueocean-web \
+                       workflow-aggregator \
+                       docker-workflow \
+                       pipeline-utility-steps	\
+                       pipeline-stage-view \
+                       git \
+                       antisamy-markup-formatter \
+                       matrix-auth # for security, you know
+
+# Force use of latest blueocean plugin, until this one is published and users can rely on update center for updates
+RUN for f in /usr/share/jenkins/ref/plugins/blueocean-*.hpi; do mv "$f" "$f.override"; done
+
+# See JENKINS-34035 - disable upgrade wizard
+RUN echo -n 2.0 > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state  && \
+    echo -n 2.0 > /usr/share/jenkins/ref/jenkins.install.InstallUtil.lastExecVersion
+
+USER jenkins
diff --git a/docker-demo/Dockerfile b/docker-demo/Dockerfile
new file mode 100644
index 00000000..e8a6d275
--- /dev/null
+++ b/docker-demo/Dockerfile
@@ -0,0 +1,9 @@
+FROM jenkinsci/blueocean
+
+# Security must be enabled to enable HTML rendering of the system message.
+# Sacrifice to the Demo Gods.
+ENV ADMIN_USERNAME admin
+ENV ADMIN_PASSWORD admin
+
+COPY blueocean-demo.png /usr/share/jenkins/ref/userContent/blueocean-demo.png
+COPY *.groovy  /usr/share/jenkins/ref/init.groovy.d/
diff --git a/docker-demo/README b/docker-demo/README
new file mode 100644
index 00000000..c8bbb241
--- /dev/null
+++ b/docker-demo/README
@@ -0,0 +1,4 @@
+This directory contains material for building the demo Docker image
+
+Only the Dockerfile is not here, so that building the image is easier from the repository root.
+
diff --git a/docker-demo/blueocean-demo.png b/docker-demo/blueocean-demo.png
new file mode 100644
index 00000000..751f2025
Binary files /dev/null and b/docker-demo/blueocean-demo.png differ
diff --git a/docker-demo/enable_security.groovy b/docker-demo/enable_security.groovy
new file mode 100644
index 00000000..3a4ca4b9
--- /dev/null
+++ b/docker-demo/enable_security.groovy
@@ -0,0 +1,33 @@
+// Thanks https://gist.github.com/hayderimran7/50cb1244cc1e856873a4
+import jenkins.model.*
+import hudson.security.*
+
+def instance = Jenkins.getInstance()
+
+def adminUserName = System.getenv("ADMIN_USERNAME")
+def adminPassword = System.getenv("ADMIN_PASSWORD")
+
+assert adminUserName != null : "No ADMIN_USERNAME env var provided, but required"
+assert adminPassword != null : "No ADMIN_PASSWORD env var provided, but required"
+
+def hudsonRealm = new HudsonPrivateSecurityRealm(false)
+// FIXME : just during debugging/initial dev, remove the password part of that log
+println "Creating the '$adminUserName' admin user with provided password (using env var 'ADMIN_PASSWORD')"
+
+if(adminPassword.equals(System.getenv("DEFAULT_ADMIN_PASSWORD"))) {
+  println("WARNING: You didn't change the default image password, there may be a security risk")
+  println("WARNING: Pass the value using 'docker run -e ADMIN_PASSWORD=theOneYouWant ...'")
+}
+hudsonRealm.createAccount("admin", System.getenv("ADMIN_PASSWORD"))
+instance.setSecurityRealm(hudsonRealm)
+
+// enable html rendering of description (from antisamy-markup-formatter)
+instance.setMarkupFormatter(new hudson.markup.RawHtmlMarkupFormatter(false))
+
+def strategy = new GlobalMatrixAuthorizationStrategy()
+strategy.add(Jenkins.ADMINISTER, "admin")
+
+strategy.add(Jenkins.READ, "anonymous")
+instance.setAuthorizationStrategy(strategy)
+
+instance.save()
diff --git a/docker-demo/set_welcome_message.groovy b/docker-demo/set_welcome_message.groovy
new file mode 100644
index 00000000..b7ec7a41
--- /dev/null
+++ b/docker-demo/set_welcome_message.groovy
@@ -0,0 +1,8 @@
+jenkins.model.Jenkins.instance.setSystemMessage(
+"""
+<p>Welcome to Jenkins Blue Ocean Demo. Click on the image below: </p>
+<p><a href="/blue"><img src="/userContent/blueocean-demo.png" /></a></p>
+
+<p>log in with <strong>admin/admin</strong></p>
+"""
+)