diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fe19e66
--- /dev/null
+++ b/README.md
@@ -0,0 +1,74 @@
+[ProFTPD](http://www.proftpd.org/)
+
+# Volumes
+- `/var/lib/proftp/data`: root directory for files
+- `/etc/ssl/proftp:ro`: certificates have to be here
+
+# Environment Variables
+## SERVER_NAME
+Name displayed to connecting users.
+
+## PASSIVE_LOWER_BOUND
+Lower bound for the passive port range.
+
+## PASSIVE_UPPER_BOUND
+Upper bound for the passive port range.
+
+## TLS_PROTOCOL
+- default: TLSv1.2
+
+SSL/TLS protocol version to use.
+
+## TLS_CIPHERS
+- default: AES128+EECDH:AES128+EDH
+
+Cipher list to use.
+
+## CERT_NAME
+- default: fullchain.pem
+
+Name of the certificate file.
+
+## KEY_NAME
+- default: privkey.pem
+
+Name of the key file.
+
+## LDAP_URI
+Full ldap uri with search qualifier.
+
+For example: `ldap://ldap:389/??sub`
+
+## LDAP_BASE
+Base DN for ldap searches.
+
+## LDAP_FILTER
+Ldap [filter](http://www.proftpd.org/docs/directives/linked/config_ref_LDAPUsers.html) to find valid users.
+
+`%u` is replaced with the username.
+
+## LDAP_BIND_DN
+DN to use when connecting to the ldap host.
+
+## LDAP_BIND_PASSWORD
+Password to use when connecting to the ldap host.
+
+## LDAP_USE_TLS
+- default: on
+
+Whether to use tls when connecting to the ldap host.
+
+## LDAP_USE_AUTH_BIND
+- default: on
+
+Whether to use auth bind with ldap.
+
+# Ports
+- 21
+- All ports in the defined bounds
+
+## Capabilities
+- DAC_OVERRIDE
+- NET_BIND_SERVICE
+- SETGID
+- SETUID