diff --git a/alpine/Dockerfile b/alpine/Dockerfile
new file mode 100644
index 0000000..5398982
--- /dev/null
+++ b/alpine/Dockerfile
@@ -0,0 +1,90 @@
+FROM alpine:3.5
+
+# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
+RUN addgroup -S rabbitmq && adduser -S -h /var/lib/rabbitmq -G rabbitmq rabbitmq
+
+# grab su-exec for easy step-down from root
+RUN apk add --no-cache 'su-exec>=0.2'
+
+RUN apk add --no-cache \
+# Bash for docker-entrypoint
+		bash \
+# Erlang for RabbitMQ
+		erlang-asn1 \
+		erlang-hipe \
+		erlang-crypto \
+		erlang-eldap \
+		erlang-inets \
+		erlang-mnesia \
+		erlang \
+		erlang-os-mon \
+		erlang-public-key \
+		erlang-ssl \
+		erlang-xmerl
+
+# get logs to stdout (thanks @dumbbell for pushing this upstream! :D)
+ENV RABBITMQ_LOGS=- RABBITMQ_SASL_LOGS=-
+# https://github.com/rabbitmq/rabbitmq-server/commit/53af45bf9a162dec849407d114041aad3d84feaf
+
+ENV RABBITMQ_HOME /opt/rabbitmq
+ENV PATH $RABBITMQ_HOME/sbin:$PATH
+
+# https://www.rabbitmq.com/install-generic-unix.html
+ENV GPG_KEY 0A9AF2115F4687BD29803A206B73A36E6026DFCA
+
+ENV RABBITMQ_VERSION 3.6.6
+
+RUN set -ex; \
+	\
+	apk add --no-cache --virtual .build-deps \
+		ca-certificates \
+		gnupg \
+		openssl \
+		tar \
+		xz \
+	; \
+	\
+	wget -O rabbitmq-server.tar.xz "https://www.rabbitmq.com/releases/rabbitmq-server/v${RABBITMQ_VERSION}/rabbitmq-server-generic-unix-${RABBITMQ_VERSION}.tar.xz"; \
+	wget -O rabbitmq-server.tar.xz.asc "https://www.rabbitmq.com/releases/rabbitmq-server/v${RABBITMQ_VERSION}/rabbitmq-server-generic-unix-${RABBITMQ_VERSION}.tar.xz.asc"; \
+	\
+	export GNUPGHOME="$(mktemp -d)"; \
+	gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY"; \
+	gpg --batch --verify rabbitmq-server.tar.xz.asc rabbitmq-server.tar.xz; \
+	rm -r "$GNUPGHOME" rabbitmq-server.tar.xz.asc; \
+	\
+	mkdir -p "$RABBITMQ_HOME"; \
+	tar \
+		--extract \
+		--verbose \
+		--file rabbitmq-server.tar.xz \
+		--directory "$RABBITMQ_HOME" \
+		--strip-components 1 \
+	; \
+	rm rabbitmq-server.tar.xz; \
+	\
+# update SYS_PREFIX (first making sure it's set to what we expect it to be)
+	grep -qE '^SYS_PREFIX=\$\{RABBITMQ_HOME\}$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
+	sed -ri 's!^(SYS_PREFIX=).*$!\1!g' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
+	grep -qE '^SYS_PREFIX=$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
+	\
+	apk del .build-deps
+
+# set home so that any `--user` knows where to put the erlang cookie
+ENV HOME /var/lib/rabbitmq
+
+RUN mkdir -p /var/lib/rabbitmq /etc/rabbitmq \
+	&& echo '[ { rabbit, [ { loopback_users, [ ] } ] } ].' > /etc/rabbitmq/rabbitmq.config \
+	&& chown -R rabbitmq:rabbitmq /var/lib/rabbitmq /etc/rabbitmq \
+	&& chmod -R 777 /var/lib/rabbitmq /etc/rabbitmq
+VOLUME /var/lib/rabbitmq
+
+# add a symlink to the .erlang.cookie in /root so we can "docker exec rabbitmqctl ..." without gosu
+RUN ln -sf /var/lib/rabbitmq/.erlang.cookie /root/
+
+RUN ln -sf "$RABBITMQ_HOME/plugins" /plugins
+
+COPY docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+EXPOSE 4369 5671 5672 25672
+CMD ["rabbitmq-server"]
diff --git a/alpine/docker-entrypoint.sh b/alpine/docker-entrypoint.sh
new file mode 100755
index 0000000..d4a6adb
--- /dev/null
+++ b/alpine/docker-entrypoint.sh
@@ -0,0 +1,280 @@
+#!/bin/bash
+set -eu
+
+# allow the container to be started with `--user`
+if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then
+	if [ "$1" = 'rabbitmq-server' ]; then
+		chown -R rabbitmq /var/lib/rabbitmq
+	fi
+	exec su-exec rabbitmq "$BASH_SOURCE" "$@"
+fi
+
+# backwards compatibility for old environment variables
+: "${RABBITMQ_SSL_CERTFILE:=${RABBITMQ_SSL_CERT_FILE:-}}"
+: "${RABBITMQ_SSL_KEYFILE:=${RABBITMQ_SSL_KEY_FILE:-}}"
+: "${RABBITMQ_SSL_CACERTFILE:=${RABBITMQ_SSL_CA_FILE:-}}"
+
+# "management" SSL config should default to using the same certs
+: "${RABBITMQ_MANAGEMENT_SSL_CACERTFILE:=$RABBITMQ_SSL_CACERTFILE}"
+: "${RABBITMQ_MANAGEMENT_SSL_CERTFILE:=$RABBITMQ_SSL_CERTFILE}"
+: "${RABBITMQ_MANAGEMENT_SSL_KEYFILE:=$RABBITMQ_SSL_KEYFILE}"
+
+# https://www.rabbitmq.com/configure.html
+sslConfigKeys=(
+	cacertfile
+	certfile
+	fail_if_no_peer_cert
+	keyfile
+	verify
+)
+managementConfigKeys=(
+	"${sslConfigKeys[@]/#/ssl_}"
+)
+rabbitConfigKeys=(
+	default_pass
+	default_user
+	default_vhost
+	hipe_compile
+)
+fileConfigKeys=(
+	management_ssl_cacertfile
+	management_ssl_certfile
+	management_ssl_keyfile
+	ssl_cacertfile
+	ssl_certfile
+	ssl_keyfile
+)
+allConfigKeys=(
+	"${managementConfigKeys[@]/#/management_}"
+	"${rabbitConfigKeys[@]}"
+	"${sslConfigKeys[@]/#/ssl_}"
+)
+
+declare -A configDefaults=(
+	[management_ssl_fail_if_no_peer_cert]='false'
+	[management_ssl_verify]='verify_none'
+
+	[ssl_fail_if_no_peer_cert]='true'
+	[ssl_verify]='verify_peer'
+)
+
+haveConfig=
+haveSslConfig=
+haveManagementSslConfig=
+for conf in "${allConfigKeys[@]}"; do
+	var="RABBITMQ_${conf^^}"
+	val="${!var:-}"
+	if [ "$val" ]; then
+		haveConfig=1
+		case "$conf" in
+			ssl_*) haveSslConfig=1 ;;
+			management_ssl_*) haveManagementSslConfig=1 ;;
+		esac
+	fi
+done
+if [ "$haveSslConfig" ]; then
+	missing=()
+	for sslConf in cacertfile certfile keyfile; do
+		var="RABBITMQ_SSL_${sslConf^^}"
+		val="${!var}"
+		if [ -z "$val" ]; then
+			missing+=( "$var" )
+		fi
+	done
+	if [ "${#missing[@]}" -gt 0 ]; then
+		{
+			echo
+			echo 'error: SSL requested, but missing required configuration'
+			for miss in "${missing[@]}"; do
+				echo "  - $miss"
+			done
+			echo
+		} >&2
+		exit 1
+	fi
+fi
+missingFiles=()
+for conf in "${fileConfigKeys[@]}"; do
+	var="RABBITMQ_${conf^^}"
+	val="${!var}"
+	if [ "$val" ] && [ ! -f "$val" ]; then
+		missingFiles+=( "$val ($var)" )
+	fi
+done
+if [ "${#missingFiles[@]}" -gt 0 ]; then
+	{
+		echo
+		echo 'error: files specified, but missing'
+		for miss in "${missingFiles[@]}"; do
+			echo "  - $miss"
+		done
+		echo
+	} >&2
+	exit 1
+fi
+
+# set defaults for missing values (but only after we're done with all our checking so we don't throw any of that off)
+for conf in "${!configDefaults[@]}"; do
+	default="${configDefaults[$conf]}"
+	var="RABBITMQ_${conf^^}"
+	[ -z "${!var:-}" ] || continue
+	eval "export $var=\"\$default\""
+done
+
+# If long & short hostnames are not the same, use long hostnames
+if [ "$(hostname)" != "$(hostname -s)" ]; then
+	: "${RABBITMQ_USE_LONGNAME:=true}"
+fi
+
+if [ "${RABBITMQ_ERLANG_COOKIE:-}" ]; then
+	cookieFile='/var/lib/rabbitmq/.erlang.cookie'
+	if [ -e "$cookieFile" ]; then
+		if [ "$(cat "$cookieFile" 2>/dev/null)" != "$RABBITMQ_ERLANG_COOKIE" ]; then
+			echo >&2
+			echo >&2 "warning: $cookieFile contents do not match RABBITMQ_ERLANG_COOKIE"
+			echo >&2
+		fi
+	else
+		echo "$RABBITMQ_ERLANG_COOKIE" > "$cookieFile"
+		chmod 600 "$cookieFile"
+	fi
+fi
+
+# prints "$2$1$3$1...$N"
+join() {
+	local sep="$1"; shift
+	local out; printf -v out "${sep//%/%%}%s" "$@"
+	echo "${out#$sep}"
+}
+indent() {
+	if [ "$#" -gt 0 ]; then
+		echo "$@"
+	else
+		cat
+	fi | sed 's/^/\t/g'
+}
+rabbit_array() {
+	echo -n '['
+	case "$#" in
+		0) echo -n ' ' ;;
+		1) echo -n " $1 " ;;
+		*)
+			local vals="$(join $',\n' "$@")"
+			echo
+			indent "$vals"
+	esac
+	echo -n ']'
+}
+rabbit_env_config() {
+	local prefix="$1"; shift
+
+	local ret=()
+	local conf
+	for conf; do
+		local var="rabbitmq${prefix:+_$prefix}_$conf"
+		var="${var^^}"
+
+		local val="${!var:-}"
+
+		local rawVal=
+		case "$conf" in
+			verify|fail_if_no_peer_cert)
+				[ "$val" ] || continue
+				rawVal="$val"
+				;;
+
+			hipe_compile)
+				[ "$val" ] && rawVal='true' || rawVal='false'
+				;;
+
+			cacertfile|certfile|keyfile)
+				[ "$val" ] || continue
+				rawVal='"'"$val"'"'
+				;;
+
+			*)
+				[ "$val" ] || continue
+				rawVal='<<"'"$val"'">>'
+				;;
+		esac
+		[ "$rawVal" ] || continue
+
+		ret+=( "{ $conf, $rawVal }" )
+	done
+
+	join $'\n' "${ret[@]}"
+}
+
+if [ "$1" = 'rabbitmq-server' ] && [ "$haveConfig" ]; then
+	fullConfig=()
+
+	rabbitConfig=(
+		"{ loopback_users, $(rabbit_array) }"
+	)
+
+	if [ "$haveSslConfig" ]; then
+		IFS=$'\n'
+		rabbitSslOptions=( $(rabbit_env_config 'ssl' "${sslConfigKeys[@]}") )
+		unset IFS
+
+		rabbitConfig+=(
+			"{ tcp_listeners, $(rabbit_array) }"
+			"{ ssl_listeners, $(rabbit_array 5671) }"
+			"{ ssl_options, $(rabbit_array "${rabbitSslOptions[@]}") }"
+		)
+	else
+		rabbitConfig+=(
+			"{ tcp_listeners, $(rabbit_array 5672) }"
+			"{ ssl_listeners, $(rabbit_array) }"
+		)
+	fi
+
+	IFS=$'\n'
+	rabbitConfig+=( $(rabbit_env_config '' "${rabbitConfigKeys[@]}") )
+	unset IFS
+
+	fullConfig+=( "{ rabbit, $(rabbit_array "${rabbitConfig[@]}") }" )
+
+	# If management plugin is installed, then generate config consider this
+	if [ "$(rabbitmq-plugins list -m -e rabbitmq_management)" ]; then
+		if [ "$haveManagementSslConfig" ]; then
+			IFS=$'\n'
+			rabbitManagementSslOptions=( $(rabbit_env_config 'management_ssl' "${sslConfigKeys[@]}") )
+			unset IFS
+
+			rabbitManagementListenerConfig+=(
+				'{ port, 15671 }'
+				'{ ssl, true }'
+				"{ ssl_opts, $(rabbit_array "${rabbitManagementSslOptions[@]}") }"
+			)
+		else
+			rabbitManagementListenerConfig+=(
+				'{ port, 15672 }'
+				'{ ssl, false }'
+			)
+		fi
+
+		fullConfig+=(
+			"{ rabbitmq_management, $(rabbit_array "{ listener, $(rabbit_array "${rabbitManagementListenerConfig[@]}") }") }"
+		)
+	fi
+
+	echo "$(rabbit_array "${fullConfig[@]}")." > /etc/rabbitmq/rabbitmq.config
+fi
+
+combinedSsl='/tmp/combined.pem'
+if [ "$haveSslConfig" ] && [[ "$1" == rabbitmq* ]] && [ ! -f "$combinedSsl" ]; then
+	# Create combined cert
+	cat "$RABBITMQ_SSL_CERTFILE" "$RABBITMQ_SSL_KEYFILE" > "$combinedSsl"
+	chmod 0400 "$combinedSsl"
+fi
+if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then
+	# More ENV vars for make clustering happiness
+	# we don't handle clustering in this script, but these args should ensure
+	# clustered SSL-enabled members will talk nicely
+	export ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)"
+	export RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile $combinedSsl -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
+	export RABBITMQ_CTL_ERL_ARGS="$RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS"
+fi
+
+exec "$@"
diff --git a/Dockerfile b/debian/Dockerfile
similarity index 100%
rename from Dockerfile
rename to debian/Dockerfile
diff --git a/docker-entrypoint.sh b/debian/docker-entrypoint.sh
similarity index 100%
rename from docker-entrypoint.sh
rename to debian/docker-entrypoint.sh
diff --git a/management/Dockerfile b/debian/management/Dockerfile
similarity index 100%
rename from management/Dockerfile
rename to debian/management/Dockerfile
diff --git a/update.sh b/update.sh
index 4edce38..6755730 100755
--- a/update.sh
+++ b/update.sh
@@ -8,5 +8,5 @@ debianVersion="$(curl -sSL 'http://www.rabbitmq.com/debian/dists/testing/main/bi
 rabbitmqVersion="${debianVersion%%-*}"
 
 set -x
-sed -ri 's/^(ENV RABBITMQ_VERSION) .*/\1 '"$rabbitmqVersion"'/' Dockerfile
-sed -ri 's/^(ENV RABBITMQ_DEBIAN_VERSION) .*/\1 '"$debianVersion"'/' Dockerfile
+sed -ri 's/^(ENV RABBITMQ_VERSION) .*/\1 '"$rabbitmqVersion"'/' debian/Dockerfile
+sed -ri 's/^(ENV RABBITMQ_DEBIAN_VERSION) .*/\1 '"$debianVersion"'/' debian/Dockerfile