diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000000000000000000000000000000000000..5cf1e4ccbcfc765d8b7eaedca9d7ed35b24c4fd5
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,55 @@
+# This has to be set to any good enough random string. E.g. something that
+# `pwgen -s 32 1` would print out. If you want to know more about this go to
+# https://docs.djangoproject.com/en/3.2/ref/settings/#secret-key
+# (mandatory setting)
+SECRET_KEY=put-something-awesomely-random-here
+
+# A comma-separated list of hostnames/IPs Django should listen to. For a
+# production setup this will be something like aura.example.org, for a dev
+# setup you might just use the default settings.
+# (default: 127.0.0.1, localhost)
+#ALLOWED_HOSTS=
+
+# A comma-separated list of URIs where the webclients live that should be able
+# to access the steering API. In particular the dashboard. Might not be needed
+# in a production setup if steering and dashboard share the same domain. In
+# a dev setup the defaults might be just fine.
+# (default: http://127.0.0.1:8080, http://localhost:8080)
+#CORS_ORIGIN_WHITELIST=
+
+# The database settings.
+# if you use a dev environment where django is not running inside a docker
+# container, but you use the postgres container for the db and map its port,
+# then use localhost as the database hostname
+# (default host: steering-postgres)
+# (default port: 5432)
+# (default name: steering)
+# (default user: steering)
+# (pass is a mandatory setting)
+#DBHOST=
+#DBPORT=
+#DBNAME=
+#DBUSER=
+DBPASS=change-to-something-secure
+
+# The timezone of this server. For a list of all available tz database names see
+# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+# (default: Europe/Vienna)
+#TIME_ZONE=
+
+# The language code for the localization of this server. For a list of available
+# codes see http://www.i18nguy.com/unicode/language-identifiers.html
+# (default: de)
+#LANGUAGE_CODE=
+
+# If steering is run inside a docker container. This will be de default for a
+# production deployment. In a dev scenario you might still want to have the
+# database in its container, but run the steering dev server directly on your
+# host. In this case make this False.
+# (default: True)
+#RUNINDOCKER=
+
+# This should be turned on only for your development environment unless you
+# know exactly what you are doing and what the consequences are.
+# (default: False)
+#DEBUG=
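Review bot: `SECRET_KEY=put-something-awesomely-random-here` and `DBPASS=change-to-something-secure` are live, non-empty values, so a deployment that copies this file unchanged starts with a secret key and a database password that are published in the repository. Both are read in pv/settings.py without a default, so shipping them commented out (`#SECRET_KEY=` and `#DBPASS=`) would make startup fail until real values are supplied. The comments could also say that the real `.env` must stay out of version control and be readable only by the service user.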
diff --git a/pv/local_settings.py.sample b/pv/local_settings.py.sample
deleted file mode 100644
index 04460116ada102d245fa136577f8524e84da9eec..0000000000000000000000000000000000000000
--- a/pv/local_settings.py.sample
+++ /dev/null
@@ -1,40 +0,0 @@
-
-import os
-
-from corsheaders.defaults import default_headers
-
-CONFIG_DIR = '/etc/aura/'
-DB_CONFIG = 'steering.mysql.cnf'
-
-SECRET_KEY = '---some-secred-key---'
-
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.mysql',
-        'OPTIONS': {
-            'read_default_file': os.path.join(CONFIG_DIR, DB_CONFIG),
-        },
-    }
-}
-
-CORS_ALLOW_CREDENTIALS = True
-CORS_ORIGIN_WHITELIST = (
-    'http://localhost:8080'
-    # 'https://aura-test.o94.at',
-    # 'https://aura-test.o94.at:443',
-)
-CORS_ALLOW_HEADERS = list(default_headers) + [
-    'content-disposition',
-]
-
-# Comment out the following for temporary debugging, if you want to use the
-# native DRF web forms
-"""
-REST_FRAMEWORK = {
-    # Use Django's standard `django.contrib.auth` permissions,
-    # or allow read-only access for unauthenticated users.
-    'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
-    ],
-}
-"""
diff --git a/pv/settings.py b/pv/settings.py
index 2faeb9b6fff125b8424d820b36bf90b9588bef83..899731df47e50d6d82ab39ffd71eaf7cbd20e14f 100644
--- a/pv/settings.py
+++ b/pv/settings.py
@@ -1,6 +1,8 @@
 # Django settings for pv project.
 
 import os.path
+import environ
+from corsheaders.defaults import default_headers
 
 # Paths
 
@@ -18,35 +20,46 @@ STATIC_URL = '/static/'
 
 ROOT_URLCONF = 'pv.urls'
 
-DEBUG = True
+env = environ.Env()
+env.read_env(env_file=PROJECT_DIR+'/../.env')
+env.str('DBHOST')
+
+DOCKER = env.bool('DOCKER', default=True)
+DEBUG = env.bool('DEBUG', default=False)
 SITE_ID = 1
 ADMINS = ()
 MANAGERS = ADMINS
 
 # Must be set if DEBUG is False
-ALLOWED_HOSTS = ['127.0.0.1', 'localhost']
+ALLOWED_HOSTS = env.list('HOSTNAMES', default=['127.0.0.1', 'localhost'])
 
 # Whitelist IPs that access the API
-CORS_ORIGIN_WHITELIST = (
-    'http://localhost',
-    'http://localhost:8080'
-)
+CORS_ORIGIN_WHITELIST = env.list('CORS_ORIGIN_WHITELIST', default=(
+    'http://localhost:8080',
+    'http://127.0.0.1:8080'
+))
+CORS_ALLOW_CREDENTIALS = True
+CORS_ALLOW_HEADERS = list(default_headers) + [
+    'content-disposition',
+]
 
 # Define which database backend to use for our apps
 DATABASES = {
     # SQLITE
-    'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': os.path.join(PROJECT_DIR, 'dev_data.sqlite'),
-    },
+    #'default': {
+    #    'ENGINE': 'django.db.backends.sqlite3',
+    #    'NAME': os.path.join(PROJECT_DIR, 'dev_data.sqlite'),
+    #},
 
     # PostgreSQL
-    # 'default': {
-    #        'ENGINE': 'django.db.backends.postgresql',
-    #        'OPTIONS': {
-    #            'read_default_file': os.path.join(PROJECT_DIR, 'postgresql.cnf'),
-    #        },
-    #    },
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': env.str('DBNAME', default='steering'),
+        'USER': env.str('DBUSER', default='steering'),
+        'PASSWORD': env.str('DBPASS'),
+        'HOST': env.str('DBHOST', default='steering-postgres'),
+        'PORT': env.str('DBPORT', '5432'),
+    },
 
     # MySQL
     #    'default': {
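Review bot: The variable names read here do not match the ones `.env.example` documents: `env.list('HOSTNAMES', ...)` and `env.bool('DOCKER', ...)` versus `ALLOWED_HOSTS` and `RUNINDOCKER`, so an operator who sets the documented names has them silently ignored and gets the defaults. Reading `env.list('ALLOWED_HOSTS', default=['127.0.0.1', 'localhost'])` and `env.bool('RUNINDOCKER', default=True)`, or renaming the example entries, would align the two. The bare `env.str('DBHOST')` after `read_env` has no default and its result is discarded, so with DBHOST left commented out as in the example it should raise ImproperlyConfigured at import even though the `HOST` entry below supplies a default; dropping that line looks right. Since `CORS_ALLOW_CREDENTIALS = True` is now combined with an env-supplied whitelist, a comment such as `# every origin listed here may send credentialed requests; list exact trusted origins only` would help.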
@@ -55,18 +68,17 @@ DATABASES = {
     #            'read_default_file': os.path.join(PROJECT_DIR, 'mysql.cnf'),
     #        },
     #   },
-
 }
 
 CACHE_BACKEND = 'locmem://'
 
 # LOCALIZATION
-TIME_ZONE = 'Europe/Vienna'
-LANGUAGE_CODE = 'de'
+TIME_ZONE = env.str('TIME_ZONE', default='Europe/Vienna')
+LANGUAGE_CODE = env.str('LANGUAGE_CODE', default='de')
 USE_I18N = True
 USE_L10N = True
 
-SECRET_KEY = ''
+SECRET_KEY = env.str('SECRET_KEY')
 
 TEMPLATES = [
     {
diff --git a/requirements.txt b/requirements.txt
index 895d7bbde875a25d6eca5072254a5dad1a77d617..8e201e9e35e8ec7e2d60b4306babfe925720ab0a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,8 +3,15 @@ django-cors-headers==3.2.1
 django-oidc-provider==0.7.0
 django-tinymce==2.8.0
 django-versatileimagefield==1.11
+django-environ==0.4.5
 djangorestframework==3.11.0
 drf-nested-routers==0.91
 Pillow==4.3.0
 python-dateutil==2.8.1
 PyYAML==3.13
+
+# needed for the database (container)
+psycopg2_binary==2.8.6
+
+# needed for production server
+gunicorn==20.0.4
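Review bot: `psycopg2_binary==2.8.6` lands in the same requirements file as the production server (`gunicorn`), and the psycopg2 project recommends the binary wheel for development and testing, with production installs built from source against the system libpq. If this file is what the production image installs, consider `psycopg2==2.8.6` there, or split development and production requirements. The new entries are exact version pins; adding hashes and installing with `pip install --require-hashes` would pin the downloaded artifacts as well.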