diff --git a/.gitignore b/.gitignore
index 484d883..9100277 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,8 @@
 # Binaries (root level only)
 /tunnel-server
 /tunnel-client
+/server
+/client
 
 # Keys (never commit secrets)
 keys/
diff --git a/docker-compose.test.yml b/docker-compose.test.yml
new file mode 100644
index 0000000..0b3ec11
--- /dev/null
+++ b/docker-compose.test.yml
@@ -0,0 +1,27 @@
+# Test stack: nginx HTTP server + tunnel client exposing it at testrst.nixc.us
+# Usage: docker compose -f docker-compose.test.yml up --build
+services:
+  test-http:
+    image: nginx:alpine
+    volumes:
+      - ./test-index.html:/usr/share/nginx/html/index.html:ro
+    expose:
+      - "80"
+
+  test-tunnel-client:
+    build:
+      context: .
+      target: client
+    environment:
+      TUNNEL_SERVER: "ingress.nixc.us:2222"
+      TUNNEL_DOMAIN: "testrst.nixc.us"
+      TUNNEL_PORT: "80"
+      TUNNEL_KEY: "/keys/client_key"
+      TUNNEL_AUTH_USER: "test"
+      TUNNEL_AUTH_PASS: "test"
+    volumes:
+      - ~/.ssh/ca-userkey:/keys/client_key:ro
+    depends_on:
+      - test-http
+    # Share network namespace with test-http so 127.0.0.1:80 reaches nginx
+    network_mode: "service:test-http"
diff --git a/test-index.html b/test-index.html
new file mode 100644
index 0000000..46cd016
--- /dev/null
+++ b/test-index.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <title>Tunnel Test</title>
+  <style>
+    *{margin:0;padding:0;box-sizing:border-box}
+    body{font-family:system-ui,-apple-system,sans-serif;display:flex;
+         align-items:center;justify-content:center;min-height:100vh;
+         background:linear-gradient(135deg,#667eea 0%,#764ba2 100%);color:#fff}
+    .card{background:rgba(255,255,255,.15);backdrop-filter:blur(12px);
+          border-radius:16px;padding:3rem 4rem;text-align:center;
+          box-shadow:0 8px 32px rgba(0,0,0,.25)}
+    h1{font-size:2rem;margin-bottom:.5rem}
+    p{opacity:.85;font-size:1.1rem}
+    .status{margin-top:1.5rem;padding:.75rem 1.5rem;background:rgba(255,255,255,.2);
+            border-radius:8px;font-family:monospace;font-size:.95rem}
+    .ok{color:#6eff6e}
+  </style>
+</head>
+<body>
+  <div class="card">
+    <h1>Reverse SSH Tunnel Test</h1>
+    <p>If you can see this, the tunnel to <strong>testrst.nixc.us</strong> is working.</p>
+    <div class="status"><span class="ok">&#x2713;</span> Tunnel active &mdash; served via nginx</div>
+  </div>
+</body>
+</html>