diff --git a/galaxysrv.yml b/galaxysrv.yml
index 68b8aae..9aeb958 100644
--- a/galaxysrv.yml
+++ b/galaxysrv.yml
@@ -4,6 +4,10 @@
 
   pre_tasks:
 
+    - name: Set workspace user facts
+      ansible.builtin.include_role:
+        name: uusrc.general.fact_regular_users
+
     - name: Include config tasks and load variables
       ansible.builtin.include_tasks: tasks/set_config.yml
 
@@ -21,7 +25,8 @@
         state: present
 
   roles:
-    - role: uusrc.general.fact_regular_users
+    - role: geerlingguy.docker
+      when: not _molecule_active
     - role: uusrc.general.nginx_reverse_proxy
       vars:
         nginx_reverse_proxy_locations: "{{ galaxy_nginx_vhost_config }}"
@@ -35,6 +40,10 @@
   
   tasks:
 
+    - name: Configure nginx for interactive tools
+      ansible.builtin.include_tasks: tasks/interactive_tools.yml
+      when: _galaxy_use_interactive_tools
+
     - name: Add nginx user to galaxy group
       ansible.builtin.user:
         name: www-data
diff --git a/requirements.yml b/requirements.yml
index 62f8a5b..a774281 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -11,6 +11,8 @@ roles:
     version: 1.2.0
   - src: galaxyproject.miniconda
     version: 0.3.1
+  - src: geerlingguy.docker
+    version: 6.1.0
 
 collections:
   - name: community.general
diff --git a/tasks/interactive_tools.yml b/tasks/interactive_tools.yml
new file mode 100644
index 0000000..7dc44b9
--- /dev/null
+++ b/tasks/interactive_tools.yml
@@ -0,0 +1,8 @@
+---
+- ansible.builtin.template:
+    src: "templates/nginx/galaxy-gie-proxy.j2"
+    dest: "/etc/nginx/conf.d/gie-server.conf"
+    mode: "0640"
+    owner: "www-data"
+    group: "www-data"
+  notify: restart nginx
diff --git a/tasks/set_config.yml b/tasks/set_config.yml
index 25d944c..4b0fe57 100644
--- a/tasks/set_config.yml
+++ b/tasks/set_config.yml
@@ -5,17 +5,18 @@
 - name: Load component variables
   ansible.builtin.include_vars: vars/src_galaxy_vars.yml
 
-- name: Set admins
-  block:
-    - name: Set admins from CO group
-      ansible.builtin.set_fact:
-        _galaxy_admins: "{{ fact_co_groups[_galaxy_admin_co_group] | product(['@' + _galaxy_remote_user_maildomain]) | map('join') | list | join(',') }}"
-      when: fact_co_groups[_galaxy_admin_co_group] is defined
-
-    - name: Set no admins
-      ansible.builtin.set_fact:
-        _galaxy_admins: ""
-      when: fact_co_groups[_galaxy_admin_co_group] is not defined
+- name: Load interactive tools variables
+  ansible.builtin.include_vars: vars/interactive_tools_vars.yml
+
+- name: Set admins from CO group
+  ansible.builtin.set_fact:
+    _galaxy_admins: "{{ fact_co_groups[_galaxy_admin_co_group] | product(['@' + _galaxy_remote_user_maildomain]) | map('join') | list | join(',') | default('') }}"
+  when: fact_co_groups[_galaxy_admin_co_group] is defined
+
+- name: Set admins to blank
+  ansible.builtin.set_fact:
+    _galaxy_admins: ''
+  when: fact_co_groups[_galaxy_admin_co_group] is not defined
 
 - name: Determine whether to bootstrap Galaxy
   set_fact:
diff --git a/templates/galaxy/config/job_conf.xml.j2 b/templates/galaxy/config/job_conf.xml.j2
new file mode 100644
index 0000000..0852f6b
--- /dev/null
+++ b/templates/galaxy/config/job_conf.xml.j2
@@ -0,0 +1,22 @@
+<job_conf>
+    <plugins workers="4">
+        <plugin id="local" type="runner" load="galaxy.jobs.runners.local:LocalJobRunner"/>
+    </plugins>
+    <destinations default="docker_dispatch">
+        <destination id="local" runner="local"/>
+        <destination id="docker_local" runner="local">
+            <param id="docker_enabled">true</param>
+            <param id="docker_volumes">$defaults</param>
+            <param id="docker_sudo">false</param>
+            <param id="docker_net">bridge</param>
+            <param id="docker_auto_rm">true</param>
+            <param id="docker_set_user"></param>
+            <param id="require_container">true</param>
+        </destination>
+        <destination id="docker_dispatch" runner="dynamic">
+            <param id="type">docker_dispatch</param>
+            <param id="docker_destination_id">docker_local</param>
+            <param id="default_destination_id">local</param>
+        </destination>
+    </destinations>
+</job_conf>
diff --git a/templates/nginx/galaxy-gie-proxy.j2 b/templates/nginx/galaxy-gie-proxy.j2
new file mode 100644
index 0000000..7009f98
--- /dev/null
+++ b/templates/nginx/galaxy-gie-proxy.j2
@@ -0,0 +1,29 @@
+server {
+    {% if _molecule_active %}
+    listen       *:80;
+    {% else %}
+    listen       *:443 ssl;
+    ssl_certificate /etc/letsencrypt/live/{{ _galaxy_server_fqdn }}/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/{{ _galaxy_server_fqdn }}/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    {% endif %}
+
+    # Match all requests for the interactive tools subdomain
+    server_name  *.interactivetool.{{ _galaxy_server_fqdn }};
+
+    # Our log files will go here.
+    access_log  syslog:server=unix:/dev/log;
+    error_log   syslog:server=unix:/dev/log;
+
+    # Proxy all requests to the GIE Proxy application
+    location / {
+        proxy_redirect off;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_pass http://localhost:{{ gie_proxy_port }};
+    }
+}
diff --git a/vars/galaxy_vars.yml b/vars/galaxy_vars.yml
index 475c9ab..83114e9 100644
--- a/vars/galaxy_vars.yml
+++ b/vars/galaxy_vars.yml
@@ -18,28 +18,15 @@ galaxy_group: galaxy
 galaxy_client_use_prebuilt: true
 galaxy_systemd_root: true
 galaxy_backup_configfiles: false
+galaxy_config_templates:
+  - src: templates/galaxy/config/job_conf.xml.j2
+    dest: "{{ galaxy_config_dir }}/job_conf.xml"
 postgresql_objects_users:
   - name: galaxy
     password: null
 postgresql_objects_databases:
   - name: galaxy
     owner: galaxy
-galaxy_job_config:
-  runners:
-    local_runner:
-      load: galaxy.jobs.runners.local:LocalJobRunner
-      workers: 4
-  handling:
-    assign: ['db-skip-locked']
-  execution:
-    default: local_env
-    environments:
-      local_env:
-        runner: local_runner
-        tmp_dir: true
-  tools:
-    - class: local # these special tools that aren't parameterized for remote execution - expression tools, upload, etc
-      environment: local_env
 galaxy_configuration:
   galaxy:
     use_remote_user: true
@@ -49,7 +36,11 @@ galaxy_configuration:
     remote_user_maildomain: "{{ _galaxy_remote_user_maildomain }}"
     database_connection: "postgresql:///galaxy?host=/var/run/postgresql"
     file_path: "{{ galaxy_mutable_data_dir }}/datasets"
-    job_config: "{{ galaxy_job_config }}"
+    job_config_file: "{{ galaxy_config_dir }}/job_conf.xml"
+    interactivetools_enable: "{{ _galaxy_use_interactive_tools }}"
+    interactivetools_map: "{{ _galaxy_use_interactive_tools | ternary(gie_proxy_sessions_path, omit) }}"
+    galaxy_infrastructure_url: "{{ _galaxy_local_address }}"
+    outputs_to_working_directory: "{{ _galaxy_use_interactive_tools }}"
     bootstrap_admin_api_key: "{{ _galaxy_bootstrap_api_key | default(omit) }}"
   gravity:
     galaxy_root: "{{ galaxy_server_dir }}"
@@ -82,3 +73,6 @@ galaxy_configuration:
         pools:
           - job-handlers
           - workflow-schedulers
+    gx_it_proxy:
+      enable: "{{ _galaxy_use_interactive_tools }}"
+      port: "{{ gie_proxy_port }}"
diff --git a/vars/interactive_tools_vars.yml b/vars/interactive_tools_vars.yml
new file mode 100644
index 0000000..0b36ded
--- /dev/null
+++ b/vars/interactive_tools_vars.yml
@@ -0,0 +1,4 @@
+gie_proxy_dir: "{{ _galaxy_root }}/gie-proxy/proxy"
+gie_proxy_sessions_path: "{{ galaxy_mutable_data_dir }}/interactivetools_map.sqlite"
+gie_proxy_path_prefix: /interactivetool/ep
+gie_proxy_port: 4002
diff --git a/vars/internal_vars.yml b/vars/internal_vars.yml
index f8dd298..ab9bd53 100644
--- a/vars/internal_vars.yml
+++ b/vars/internal_vars.yml
@@ -19,3 +19,9 @@ _galaxy_root: /srv/galaxy
 _galaxy_local_address: localhost:8080
 
 galaxy_src_documentation: https://github.com/UtrechtUniversity/vre-docs
+
+# Variables for the docker role
+
+docker_install_compose: false
+docker_users:
+  - "{{ galaxy_user }}"
diff --git a/vars/nginx_vars.yml b/vars/nginx_vars.yml
index 113ab02..b3309d0 100644
--- a/vars/nginx_vars.yml
+++ b/vars/nginx_vars.yml
@@ -14,4 +14,14 @@ galaxy_nginx_vhost_config:
   - name: static_plugins
     location: "~ ^/plugins/(?<plug_type>.+?)/(?<vis_name>.+?)/static/(?<static_file>.*?)$"
     expires: '24'
+    alias: "{{ galaxy_server_dir }}/config/plugins/$plug_type/$vis_name/static/$static_file"
     auth: noauth
+  - name: favicon
+    location: /favicon.ico
+    expires: 24h
+    auth: noauth
+  - name: interactive_tools
+    location: "~* ^/(interactivetool/.+)$"
+    proxy_redirect: 'off'
+    proxy_http_version: '1.1'
+    proxy_pass: "http://localhost:{{ gie_proxy_port }}"
diff --git a/vars/src_galaxy_vars.yml b/vars/src_galaxy_vars.yml
index 32477dd..273001e 100644
--- a/vars/src_galaxy_vars.yml
+++ b/vars/src_galaxy_vars.yml
@@ -6,6 +6,8 @@ _galaxy_admin_co_group: "{{ src_galaxy_co_admin_group | default('src_co_admin',
 _galaxy_custom_repo: "{{ src_galaxy_custom_repo | default('') }}"
 _galaxy_custom_repo_branch: "{{ src_galaxy_custom_repo_branch | default('main', true) }}"
 _galaxy_api_exposed: "{{ src_galaxy_api_exposed | default(true, true) }}"
+_galaxy_use_interactive_tools: "{{ src_galaxy_interactive_tools | default(true, true) | bool }}"
+_galaxy_server_fqdn: "{{ workspace_fqdn | default('localhost', true) }}"
 
 # Note that some component parameters are also used in galaxy_vars.yml:
 # src_galaxy_storage_path