diff --git a/dnsmasq/pxe/README.md b/dnsmasq/pxe/README.md
new file mode 100644
index 0000000..1789ce8
--- /dev/null
+++ b/dnsmasq/pxe/README.md
@@ -0,0 +1,51 @@
+pxe
+===
+
+The Preboot Execution Environment (PXE) is an environment to bootstrap
+computers using a network card (i.e Ethernet, Token-Ring) independently of
+available data storage devices (like hard disks) or installed operating
+systems.
+
+## docker-compose.yml
+```yaml
+pxe:
+  image: vimagick/dnsmasq
+  volumes:
+    - ./dnsmasq.conf:/etc/dnsmasq.d/dnsmasq.conf
+    - ./tftpboot:/tftpboot
+  net: host
+  restart: always
+```
+
+## dnsmasq.conf
+
+```
+interface=eth0
+port=0
+no-hosts
+no-resolv
+server=8.8.8.8
+dhcp-range=192.168.1.10,192.168.1.20,1h
+dhcp-option=3,192.168.1.1
+dhcp-option=6,192.168.1.1
+dhcp-boot=pxelinux.0
+enable-tftp
+tftp-root=/tftpboot
+```
+
+> You can get all `dhcp-option` codes via `dnsmasq --help dhcp`.
+
+## up and running
+
+```bash
+cd ~/fig/pxe/
+
+mkdir tftpboot
+wget http://ftp.nl.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/netboot.tar.gz
+tar xzf netboot.tar.gz -C tftpboot
+
+docker-compose up -d
+docker-compose logs -f
+```
+
+> You should stop DHCP service on local network.
diff --git a/dnsmasq/pxe/dnsmasq.conf b/dnsmasq/pxe/dnsmasq.conf
new file mode 100644
index 0000000..98ebeff
--- /dev/null
+++ b/dnsmasq/pxe/dnsmasq.conf
@@ -0,0 +1,11 @@
+interface=eth0
+port=0
+no-hosts
+no-resolv
+server=8.8.8.8
+dhcp-range=192.168.1.10,192.168.1.20,1h
+dhcp-option=3,192.168.1.1
+dhcp-option=6,192.168.1.1
+dhcp-boot=pxelinux.0
+enable-tftp
+tftp-root=/tftpboot
diff --git a/dnsmasq/pxe/docker-compose.yml b/dnsmasq/pxe/docker-compose.yml
new file mode 100644
index 0000000..67741a6
--- /dev/null
+++ b/dnsmasq/pxe/docker-compose.yml
@@ -0,0 +1,7 @@
+pxe:
+  image: vimagick/dnsmasq
+  volumes:
+    - ./dnsmasq.conf:/etc/dnsmasq.d/dnsmasq.conf
+    - ./tftpboot:/tftpboot
+  net: host
+  restart: always
diff --git a/registry/README.md b/registry/README.md
index c150166..777b37d 100644
--- a/registry/README.md
+++ b/registry/README.md
@@ -15,8 +15,8 @@ registry:
     - ./certs:/certs
     - ./auth:/auth
   environment:
-    - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/easypi.info.crt
-    - REGISTRY_HTTP_TLS_KEY=/certs/easypi.info.key
+    - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.easypi.info.crt
+    - REGISTRY_HTTP_TLS_KEY=/certs/registry.easypi.info.key
     - REGISTRY_AUTH=htpasswd
     - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
     - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
@@ -32,11 +32,17 @@ $ docker-compose exec registry bash
 >>> exit
 
 $ docker pull alpine
-$ docker tag alpine easypi.info:5000/alpine
+$ docker tag alpine registry.easypi.info:5000/alpine
 
 $ docker login -u username -p password easypi.info:5000
-$ docker push easypi.info:5000/alpine
-$ docker pull easypi.info:5000/alpine
+$ docker push registry.easypi.info:5000/alpine
+$ docker pull registry.easypi.info:5000/alpine
 ```
 
+## read more
+
+- https://github.com/docker/distribution/blob/master/docs/deploying.md
+- https://github.com/docker/distribution/blob/master/docs/insecure.md
+- https://serversforhackers.com/tcp-load-balancing-with-nginx-ssl-pass-thru
+
 [1]: https://github.com/docker/distribution