docs: Add steps for user-provided certificate for docker container

docs/content/setup/docker.md

@@ -13,21 +13,118 @@ The Infection Monkey Docker container works on Linux only. It is not compatible
 
 ## Deployment
 
-### Linux
+### 1. Load the docker images
+1. Pull the MongoDB v4.2 Docker image:
 
-To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
+    ```bash
+    sudo docker pull mongo:4.2
+    ```
 
-Once you've extracted the container from the tar.gz file, run the following commands:
+1. Extract the Monkey Island Docker tarball:
 
-```sh
+    ```bash
-sudo docker load -i dk.monkeyisland.1.10.0.tar
+    tar -xvzf monkey-island-docker.tar.gz
-sudo docker pull mongo:4.2
+    ```
-sudo mkdir -p /var/monkey-mongo/data/db
-sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo:4.2
-sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.10.0
-```
 
-Wait until the Island is done setting up and it will be available on https://localhost:5000
+1. Load the Monkey Island Docker image:
+
+    ```bash
+    sudo docker load -i dk.monkeyisland.1.10.0.tar
+    ```
+
+### 2. Start MongoDB
+
+1. Start a MongoDB Docker container:
+
+    ```bash
+    sudo docker run \
+        --name monkey-mongo \
+        --network=host \
+        --volume db:/data/db \
+        --detach mongo:4.2
+    ```
+
+### 3a. Start Monkey Island with default certificate
+
+By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
+enterprise or other security-sensitive environments, it is recommended that the
+user [provide Infection Monkey with a
+certificate](#3b-start-monkey-island-with-user-provided-certificate) that has
+been signed by a private certificate authority.
+
+1. Run the Monkey Island server
+    ```bash
+    sudo docker run \
+        --name monkey-island \
+        --network=host \
+        guardicore/monkey-island:1.10.0
+    ```
+
+### 3b. Start Monkey Island with User-Provided Certificate
+
+1. Create a directory named `monkey_island_data`. This will serve as the
+   location where Infection Monkey stores its configuration and runtime
+   artifacts.
+
+    ```bash
+    mkdir ./monkey_island_data
+    ```
+
+1. Run Monkey Island with the `--setup-only` flag to populate the `./monkey_island_data` directory with a default `server_config.json` file.
+
+    ```bash
+    sudo docker run \
+        --rm \
+        --name monkey-island \
+        --network=host \
+        --user $(id -u ${USER}):$(id -g ${USER}) \
+        --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
+        guardicore/monkey-island:1.10.0 --setup-only
+    ```
+
+1. (Optional but recommended) Copy your `.crt` and `.key` files to `./monkey_island_data`.
+
+1. Make sure that your `.crt` and `.key` files are read-only and readable only by you.
+
+    ```bash
+    chmod 400 ./monkey_island_data/{*.key,*.crt}
+    ```
+
+1.  Edit `./monkey_island_data/server_config.json` to configure Monkey Island
+    to use your certificate. Your config should look something like this:
+
+    ```json {linenos=inline,hl_lines=["11-14"]}
+    {
+      "data_dir": "/monkey_island_data",
+      "log_level": "DEBUG",
+      "environment": {
+        "server_config": "password",
+        "deployment": "docker"
+      },
+      "mongodb": {
+        "start_mongodb": false
+     },
+      "ssl_certificate": {
+        "ssl_certificate_file": "<PATH_TO_CRT_FILE>",
+        "ssl_certificate_key_file": "<PATH_TO_KEY_FILE>",
+      }
+    }
+    ```
+
+1. Start the Monkey Island server:
+
+    ```bash
+    sudo docker run \
+        --name monkey-island \
+        --network=host \
+        --user $(id -u ${USER}):$(id -g ${USER}) \
+        --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
+        guardicore/monkey-island:1.10.0
+    ```
+
+### 4. Accessing Monkey Island
+
+After the Monkey Island docker container starts, you can access Monkey Island by pointing your browser at `https://localhost:5000`.
 
 ## Upgrading