diff --git a/jetty/README.md b/jetty/README.md
index 4a311f99c..7361d4de3 100644
--- a/jetty/README.md
+++ b/jetty/README.md
@@ -30,13 +30,21 @@ The default Jetty environment in the image is:
 	JETTY_HOME    =  /usr/local/jetty
 	JETTY_BASE    =  /var/lib/jetty
 	JETTY_CONF    =  /usr/local/jetty/etc/jetty.conf
-	JETTY_STATE   =  /var/lib/jetty/jetty.state
+	JETTY_STATE   =  /run/jetty/jetty.state
 	JETTY_ARGS    =
 	JAVA_OPTIONS  =
-	TMPDIR        =  /tmp
+	TMPDIR        =  /tmp/jetty
 
 Webapps can be [deployed](https://wiki.eclipse.org/Jetty/Howto/Deploy_Web_Applications) in `/var/lib/jetty/webapps`.
 
+## Read-only container
+
+To run `jetty` as a read-only container, have Docker create the `/tmp/jetty` and `/run/jetty` directories as volumes:
+
+	docker run -d --read-only -v /tmp/jetty -v /run/jetty jetty:9
+
+Since the container is read-only, you'll need to either mount in your webapps directory with `-v /path/to/my/webapps:/var/lib/jetty/webapps` or by populating `/var/lib/jetty/webapps` in a derived image.
+
 # Security
 
 By default, this image starts as user `root` and uses Jetty's `setuid` module to drop privileges to user `jetty` after initialization. The `JETTY_BASE` directory at `/var/lib/jetty` is owned by `jetty:jetty` (uid 999, gid 999).
diff --git a/jetty/content.md b/jetty/content.md
index 88d0f4fe0..577723b06 100644
--- a/jetty/content.md
+++ b/jetty/content.md
@@ -23,13 +23,21 @@ The default Jetty environment in the image is:
 	JETTY_HOME    =  /usr/local/jetty
 	JETTY_BASE    =  /var/lib/jetty
 	JETTY_CONF    =  /usr/local/jetty/etc/jetty.conf
-	JETTY_STATE   =  /var/lib/jetty/jetty.state
+	JETTY_STATE   =  /run/jetty/jetty.state
 	JETTY_ARGS    =
 	JAVA_OPTIONS  =
-	TMPDIR        =  /tmp
+	TMPDIR        =  /tmp/jetty
 
 Webapps can be [deployed](https://wiki.eclipse.org/Jetty/Howto/Deploy_Web_Applications) in `/var/lib/jetty/webapps`.
 
+## Read-only container
+
+To run `jetty` as a read-only container, have Docker create the `/tmp/jetty` and `/run/jetty` directories as volumes:
+
+	docker run -d --read-only -v /tmp/jetty -v /run/jetty jetty:9
+
+Since the container is read-only, you'll need to either mount in your webapps directory with `-v /path/to/my/webapps:/var/lib/jetty/webapps` or by populating `/var/lib/jetty/webapps` in a derived image.
+
 # Security
 
 By default, this image starts as user `root` and uses Jetty's `setuid` module to drop privileges to user `jetty` after initialization. The `JETTY_BASE` directory at `/var/lib/jetty` is owned by `jetty:jetty` (uid 999, gid 999).