diff --git a/Dockerfile b/Dockerfile
index 836b81feed720f13a1411dd64a524993a5a505de..495f6404a8f13ddc3d2c813f34ae859bd9e84c21 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,16 +7,11 @@ RUN apk add --no-cache --update alpine-sdk
 ARG TARGETOS
 ARG TARGETARCH
 ARG TARGETVARIANT=""
-ARG GOMPLATE_VERSION=v3.9.0
 
 ENV GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOARM=${TARGETVARIANT}
 
 ARG GOPROXY
 
-RUN wget -O /usr/local/bin/gomplate \
-  "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${GOOS:-linux}-${GOARCH:-amd64}${GOARM}" \
-  && chmod +x /usr/local/bin/gomplate
-
 COPY go.mod go.sum ./
 COPY api/v2/go.mod api/v2/go.sum ./api/v2/
 RUN go mod download
@@ -27,26 +22,31 @@ RUN make release-binary
 
 FROM alpine:3.13.1
 
+ARG TARGETOS="linux"
+ARG TARGETARCH="amd64"
+ARG TARGETVARIANT=""
+ARG GOMPLATE_VERSION=v3.9.0
 # Dex connectors, such as GitHub and Google logins require root certificates.
 # Proper installations should manage those certificates, but it's a bad user
 # experience when this doesn't work out of the box.
 #
 # OpenSSL is required so wget can query HTTPS endpoints for health checking.
-
 RUN apk add --no-cache --update ca-certificates openssl
+RUN wget -O /usr/local/bin/gomplate \
+  "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS}-${TARGETARCH}${TARGETVARIANT}" \
+  && chmod +x /usr/local/bin/gomplate
 
 RUN mkdir -p /var/dex
 RUN chown -R 1001:1001 /var/dex
 
 RUN mkdir -p /etc/dex
-COPY examples/config-example.tmpl /etc/dex/config.tmpl
+COPY config.docker.yaml /etc/dex/config.docker.yaml
 RUN chown -R 1001:1001 /etc/dex
 
 # Copy module files for CVE scanning / dependency analysis.
 COPY --from=builder /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
 COPY --from=builder /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/
 
-COPY --from=builder /usr/local/bin/gomplate /usr/local/bin/gomplate
 COPY --from=builder /go/bin/dex /usr/local/bin/dex
 
 USER 1001:1001
@@ -57,7 +57,7 @@ COPY --from=builder /usr/local/src/dex/web /web
 
 USER 1001:1001
 
-COPY entrypoint.sh /
+COPY docker-entrypoint.sh /
 
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["serve", "/etc/dex/config.tmpl"]
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["serve", "/etc/dex/config.docker.yaml"]
diff --git a/examples/config-example.tmpl b/config.docker.yaml
similarity index 66%
rename from examples/config-example.tmpl
rename to config.docker.yaml
index acbe90e2f3065927a5c1bf64d360a7f5be5db61f..341544e66dba001ff8c7e82cf1a1314dd35e130e 100644
--- a/examples/config-example.tmpl
+++ b/config.docker.yaml
@@ -3,25 +3,17 @@ issuer: {{ getenv "DEX_ISSUER" "http://127.0.0.1:5556/dex" }}
 storage:
   type: sqlite3
   config:
-    file: {{ getenv "DEX_STORAGE_SQLITE3_CONFIG_FILE" "/etc/dex/dex.db" }}
+    file: {{ getenv "DEX_STORAGE_SQLITE3_CONFIG_FILE" "/var/dex/dex.db" }}
 
 web:
 {{- if getenv "DEX_WEB_HTTPS" "" }}
   https: {{ .Env.DEX_WEB_HTTPS }}
-  {{- if getenv "DEX_WEB_TLS_KEY" }}
-  tlsKey: {{ .Env.DEX_WEB_TLS_KEY }}
-  {{- else }}
-{{- fail "$DEX_WEB_TLS_KEY is required" }}
-  {{- end }}
-  {{- if getenv "DEX_WEB_TLS_CERT" "" }}
-  tlsCert: {{ .Env.DEX_WEB_TLS_CERT }}
-  {{- else }}
-{{- fail "$DEX_WEB_TLS_CERT is required" }}
-  {{- end }}
+  tlsKey: {{ getenv "DEX_WEB_TLS_KEY" | required "$DEX_WEB_TLS_KEY in case of web.https is enabled" }}
+  tlsCert: {{ getenv "DEX_WEB_TLS_CERT" | required "$DEX_WEB_TLS_CERT in case of web.https is enabled" }}
 {{- end }}
   http: {{ getenv "DEX_WEB_HTTP" "0.0.0.0:5556" }}
 
-{{- if getenv "DEX_TELEMETRY_HTTP" "" }}
+{{- if getenv "DEX_TELEMETRY_HTTP" }}
 telemetry:
   http: {{ .Env.DEX_TELEMETRY_HTTP }}
 {{- end }}
@@ -33,8 +25,8 @@ expiry:
   authRequests: {{ getenv "DEX_EXPIRY_AUTH_REQUESTS" "24h" }}
 
 logger:
-  level: {{ getenv "DEX_LOGGER_LEVEL" "info" }}
-  format: {{ getenv "DEX_LOGGER_FORMAT" "text" }}
+  level: {{ getenv "DEX_LOG_LEVEL" "info" }}
+  format: {{ getenv "DEX_LOG_FORMAT" "text" }}
 
 oauth2:
   responseTypes: {{ getenv "DEX_OAUTH2_RESPONSE_TYPES" "[code]" }}
@@ -47,7 +39,7 @@ oauth2:
 enablePasswordDB: {{ getenv "DEX_ENABLE_PASSWORD_DB" "true" }}
 
 connectors:
-{{- if getenv "DEX_CONNECTORS_ENABLE_MOCK" "" }}
+{{- if getenv "DEX_CONNECTORS_ENABLE_MOCK" }}
 - type: mockCallback
   id: mock
   name: Example
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 0000000000000000000000000000000000000000..59bb34c63acbb66033e9e3776159a8f31ba2437e
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,27 @@
+#!/bin/sh -e
+
+### Usage: /docker-entrypoint.sh <command> <args>
+command=$1
+
+case "$command" in
+  serve)
+    for file_candidate in $@ ; do
+      if test -f "$file_candidate"; then
+        tmpfile=$(mktemp /tmp/dex.config.yaml-XXXXXX)
+        gomplate -f "$file_candidate" -o "$tmpfile"
+        echo "config rendered successfully into the tmp file ${tmpfile}"
+
+        args="${args} ${tmpfile}"
+      else
+        args="${args} ${file_candidate}"
+      fi
+    done
+    exec dex $args
+    ;;
+  --help|-h|version)
+    exec dex $@
+    ;;
+  *)
+    exec $@
+    ;;
+esac
diff --git a/entrypoint.sh b/entrypoint.sh
deleted file mode 100755
index 3e6a8e271abc4937951cb54be54ee685a4334a5c..0000000000000000000000000000000000000000
--- a/entrypoint.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh -e
-
-### Usage: /entrypoint.sh <command> <args>
-set -e
-command=$1
-
-if [ "$command" == "serve" ]; then
-  file="$2"
-  gomplate -f "$file" -o "/etc/dex/config.yaml";
-  exec dex serve "/etc/dex/config.yaml"
-else
-  exec dex $@
-fi