diff --git a/docs/nix_dev_env.md b/docs/nix_dev_env.md
index 53273564f..037589983 100644
--- a/docs/nix_dev_env.md
+++ b/docs/nix_dev_env.md
@@ -1,147 +1,152 @@
 # Motivation
 
 We use Nix to package all of the dependencies for our dev environment. It does several things for us:
 
 - Enables new devs on macOS or Linux to set up our dev environment with just one command
 - Makes sure that everybody on the team is using the same versions of all the tools
 - Allows us to isolate development dependencies from affecting the host system
 
 For how Nix package management works, please refer to the official [how Nix works guide](https://nixos.org/guides/how-nix-works.html).
 
 # Supported workflows
 
 Some workflows require additional steps after the Nix installation. These steps are documented in [Workflow prerequisites](#workflow-prerequisites).
 
 | Workflow                        | macOS supported |
 | ------------------------------- | --------------- |
 | `keyserver` (Node.js)           | ✅              |
 | `web` & `landing` (Webpack)     | ✅              |
 | `native` iOS (React Native)     | ✅              |
 | `native` Android (React Native) | ✅              |
 | C++ services                    | ❌ **\***       |
 | Rust services                   | ✅              |
 
 **\*** Workflow requires documentation; and it requires the RabbitMQ and AWS/Localstack services to be available.
 
 # Requirements
 
 To set up a dev environment using Nix, you will need a macOS or Linux machine.
 
 # Prerequisites
 
 ## Xcode
 
 For developers using macOS, go to the [Mac App Store](https://apps.apple.com/us/app/xcode/id497799835) to install Xcode; or if you already have it, update it to the latest version.
 
 Once Xcode is installed, open it up. If you are prompted, follow the instructions to install any [“Additional Required Components”](./nix_mobile_setup.md#xcode-settings)
 
 ### Xcode Command Line Tools
 
 For developers using macOS, you need to make sure that the Xcode “Command Line Tools” are installed. You can do this by running:
 
 ```
 xcode-select --install
 ```
 
 ## Nix package manager
 
 To install and configure the [Nix package manager](https://nixos.org), please run:
 
 ```
 # Pull down Git repository
 git clone git@github.com:CommE2E/comm.git
 cd comm
 
 # Install Nix and Comm binary cache
 ./scripts/install_nix.sh
 ```
 
 Now either close and reopen your terminal window or re-source your shell configuration file in order to have changes applied.
 
 ## Install development dependencies
 
 As a first step, you’ll want to set up the JavaScript environment and pull in all necessary NPM packages. Run the following command:
 
 ```
 # Create development shell
 nix develop
 
 # Install yarn dependencies
 yarn cleaninstall
 ```
 
 ## Workflow specific prerequisites
 
 On macOS, [installing Xcode](#xcode) is a prerequisite for all workflows.
 
 - [Web prerequisites](./nix_web_setup.md#nix-web-requisities)
   - [React Dev Tools Chrome extension](./nix_web_setup.md#react-dev-tools-chrome-extension)
   - [Redux Dev Tools Chrome extension](./nix_web_setup.md#redux-dev-tools-chrome-extension)
 - [Mobile prerequisites](./nix_mobile_setup.md#nix-mobile-prerequisites)
   - [iOS development](./nix_mobile_setup.md#ios-development)
     - [Xcode settings](./nix_mobile_setup.md#xcode-settings)
   - [Android development](./nix_mobile_setup.md#android-development)
     - [JDK (Java Development Kit)](./nix_mobile_setup.md#jdk)
     - [Android Studio](./nix_mobile_setup.md#android-studio)
     - [Android SDK](./nix_mobile_setup.md#android-sdk)
     - [Android emulator](./nix_mobile_setup.md#android-emulator)
   - [Debugging tools](./nix_mobile_setup.md#debugging-tools)
     - [Reactotron](./nix_mobile_setup.md#reactotron)
 - [Services prerequisites](./nix_services_setup.md#nix-services-prerequisites)
   - [Docker](./nix_services_setup.md#docker)
   - [LocalStack](./nix_services_setup.md#localstack)
   - [Configuring the AWS CLI](./nix_services_setup.md#configuring-the-aws-cli)
 
 # Development environment
 
 Run `nix develop` to create a dev environment. Nix will handle the installation of all remaining dependencies not mentioned in [Workflow prerequisites](#workflow-prerequisites).
 
 ## Development workflows
 
 - [Web workflows](./nix_web_workflows.md#development)
   - [Flow typechecker](./nix_web_workflows.md#flow-typechecker)
   - [Running keysever](./nix_web_workflows.md#running-keyserver)
   - [Running web app](./nix_web_workflows.md#running-web-app)
   - [Running landing page](./nix_web_workflows.md#running-landing-page)
   - [Debugging](./nix_web_workflows.md#debugging)
     - [React Developer Tools](./nix_web_workflows.md#react-developer-tools)
     - [Redux Developer Tools](./nix_web_workflows.md#redux-developer-tools)
     - [Debugging JavaScript](./nix_web_workflows.md#debugging-javascript)
 - [Mobile workflows](./nix_mobile_workflows.md#mobile-workflows)
   - [Running mobile app on iOS Simulator](./nix_mobile_workflows.md#running-mobile-app-on-ios-simulator)
   - [Running mobile app on Android Emulator](./nix_mobile_workflows.md#running-mobile-app-on-android-emulator)
   - [Running mobile app on physical iOS devices](./nix_mobile_workflows.md#running-mobile-app-on-physical-ios-devices)
 - [Services workflows](./nix_services_workflows.md#services-workflows)
   - [Running the Identity service](./nix_services_workflows.md#running-the-identity-service)
   - [Debugging](./nix_services_workflows.md#debugging)
     - [AWS CLI](./nix_services_workflows.md#aws-cli)
 - [Shared workflows](./nix_shared_workflows.md#shared-workflows)
   - [Inspect database with TablePlus](./nix_shared_workflows.md#inspect-database-with-tableplus)
   - [Codegen](./nix_shared_workflows.md#codegen)
     - [Codegen for JSI](./nix_shared_workflows.md#codegen-for-jsi)
   - [Working with Phabricator](./nix_shared_workflows.md#working-with-phabricator)
     - [Setup](./nix_shared_workflows.md#setup)
     - [Creating a new diff](./nix_shared_workflows.md#creating-a-new-diff)
     - [Updating a diff](./nix_shared_workflows.md#updating-a-diff)
     - [Working with a stack](./nix_shared_workflows.md#working-with-a-stack)
     - [Committing a diff](./nix_shared_workflows.md#committing-a-diff)
   - [Final notes](./nix_shared_workflows.md#final-notes)
 
+## Production workflows
+
+- [Services deployment](./nix_services_deployment.md)
+  - [Tunnelbroker](./nix_services_deployment.md#tunnelbroker)
+
 ## Using alternate shells with Nix
 
 Alternate shells such as zsh or fish can also be used with Nix. To use an alternate shell, run:
 
 ```sh
 nix develop -c $SHELL
 ```
 
 You may also replace the bash shell with the shell of your preference.
 
 ```sh
 nix develop
 exec zsh # or fish
 ```
 
 ## How Nix introduces dependencies to a development environment
 
 Nix installs packages in the Nix store at package-specific paths (e.g. `/nix/store/x7kdiasp...-clang/bin/clang`). When you run `nix develop`, Nix sets environment variables such as `PATH` to expose the binary dependencies to your shell. This model can be extended to support other build toolchains such as pkg-config, CMake, and many other language specific package managers.
diff --git a/docs/nix_services_deployment.md b/docs/nix_services_deployment.md
new file mode 100644
index 000000000..81224ea10
--- /dev/null
+++ b/docs/nix_services_deployment.md
@@ -0,0 +1,28 @@
+# Services Deployment
+
+## Tunnelbroker
+
+Deploying Tunnelbroker consists of building its Docker image and deploying that image as a Docker container.
+
+### Building Tunnelbroker Image
+
+The Docker image for Tunnelbroker can be built using the following command from the project root:
+
+```
+docker build -f services/tunnelbroker -t commapp/tunnelbroker:<tag> .
+# Alternatively, there's a script which creates a very small docker context before building
+services/tunnelbroker/make_docker_image.sh -t commapp/tunnelbroker:<tag> .
+```
+
+### Running the container
+
+Tunnelbroker can be run in production using the following command:
+
+```
+docker run -d commapp/tunnelbroker:<tag> \
+  -p 50051:50051 \
+  -p 80:51001 \
+  -v $HOME/.aws:/home/comm/.aws:ro \
+  tunnelbroker \
+  --amqp-uri=<amqp-uri> \
+```
diff --git a/services/tunnelbroker/make_docker_image.sh b/services/tunnelbroker/make_docker_image.sh
index 0a58c397e..a35507c1b 100755
--- a/services/tunnelbroker/make_docker_image.sh
+++ b/services/tunnelbroker/make_docker_image.sh
@@ -1,19 +1,19 @@
 #!/usr/bin/env bash
 
 # This file exists to make a smaller docker context, so that building it is
 # significantly faster and requires less system resources
 
 SCRIPT_DIR="$(cd "$(dirname "$0")" || exit 1; pwd -P)"
 BUILD_DIR="${SCRIPT_DIR}/target/oci_image"
 
 rm -rf "$BUILD_DIR"
 mkdir -p "$BUILD_DIR"/{scripts,shared,services/tunnelbroker}
 
 cp "$SCRIPT_DIR/../../scripts/install_protobuf.sh" "$BUILD_DIR"/scripts
 cp -r "${SCRIPT_DIR}/../../shared/protos" "$BUILD_DIR"/shared/protos
 cp -r "${SCRIPT_DIR}/../../shared/tunnelbroker_messages" \
   "$BUILD_DIR"/shared/tunnelbroker_messages
 cp -r "${SCRIPT_DIR}"/{Cargo.toml,Cargo.lock,build.rs,src} \
   "$BUILD_DIR"/services/tunnelbroker/
 
-docker build -f "${SCRIPT_DIR}/Dockerfile" "$BUILD_DIR"
+docker build "$@" -f "${SCRIPT_DIR}/Dockerfile" "$BUILD_DIR"