diff --git a/workspaces/build-workspace/Dockerfile b/workspaces/build-workspace/Dockerfile
index 5e51deb..537d8fb 100644
--- a/workspaces/build-workspace/Dockerfile
+++ b/workspaces/build-workspace/Dockerfile
@@ -46,6 +46,9 @@ RUN yum -y install https://linux-mirrors.fnal.gov/linux/fermilab/almalinux/9/yum
 # Kerberos cache does not work properly in containers, using files
 COPY build-workspace/config/0_file_ccache /etc/krb5.conf.d/0_file_ccache
 
+# To export the RPMs in a yum repository
+RUN yum -y install httpd createrepo_c
+
 # This must be after all dnf/yum and pip commands
 # Cleaning YUM and DNF all caches (including disabled repos) and pip caches to reduce size of image
 RUN rm -rf /var/cache/yum/* /var/cache/dnf/* /root/.cache/pip/*
@@ -57,7 +60,19 @@ RUN mkdir -p /opt/osg/svnrepo && \
     do mkdir "$i"; pushd "$i"; \ 
     svn co https://vdt.cs.wisc.edu/svn/native/redhat/branches/${i%_glideinwms}/glideinwms; \
     popd; done && \
-    chown -R abc: /opt/osg
+    chown -R abc: /opt/osg && \
+    usermod -a -G mock abc
+
+# YUM repo setup
+RUN mkdir -p /opt/repo/main /opt/repo/alt && \
+    chown -R abc: /opt/repo
+COPY --chown=abc:abc build-workspace/config/build.repo /opt/repo/
+COPY build-workspace/config/yumrepo.conf /etc/httpd/conf.d/
+
+# Deploy utility scripts
+COPY build-workspace/scripts /opt/scripts
+COPY shared/scripts/create-host-certificate.sh /opt/scripts/
+RUN ln -s /opt/scripts/* /usr/local/bin
     
 # Default entry point
 CMD ["/bin/bash"]
diff --git a/workspaces/build-workspace/README.md b/workspaces/build-workspace/README.md
index 0f3ab55..951744d 100644
--- a/workspaces/build-workspace/README.md
+++ b/workspaces/build-workspace/README.md
@@ -13,7 +13,8 @@ Pull the container image, run it:
 ```commandline
  podman pull docker.io/glideinwms/build-workspace:latest
  podman image list
- # check the ID of the build-workspace
+ # Check the ID of the build-workspace
+ # Add --privileged if you plan to build locally the RPMs with mock
  podman run -it <image_ID> /bin/bash
 ```
 And in the container switch to the unprivileged user `abc` and run all the commands:
@@ -29,3 +30,33 @@ and a checkout of the OSG SVN repositories for glideinwms in `svnrepo`, so you c
 version and then use them to build.
 - `/opt/abc` ready to be used as work directory (e.g. to clone the glideinwms repository) if you prefer
 this to the home directory.
+
+The `/opt/scripts/startup.sh` creates a host certificate and starts the http server.
+There are two YUM repod in `/opt/repo/` served as `gwms-build` (enabled by default) and `gwms-build-alt` (disabled by default).
+Other hosts can set up the exported YUM repos using (we assume the build container host name to
+be `build-workspace.glideinwms.org`): 
+```commandline
+wget http://build-workspace.glideinwms.org/repo/build.repo -O /etc/yum.repos.d/build.repo
+```
+
+Here the commands to build new RPMs and update the YUM repos:
+```commandline
+su - abc
+# As abc user
+cd /opt/abc
+# Choose the repo you'd like to use for the build
+git clone https://github.com/mambelli/glideinwms.git
+cd glideinwms/
+# Choose the branch for the build
+git checkout release_v3_10_9_rc1
+cd ../
+# Add --no-mock to use only rpmbuild
+# To use mock you must run the build container as privileged (podman run --privileged ...)
+./glideinwms/build/ReleaseManager/release.py --release-version=v3_10_9 --source-dir=`pwd`/glideinwms --release-dir=`pwd`/distro --rc=1 --python=python39 --verbose
+# The RPMS are in distro/v3_10_9_rc1/rpmbuild/RPMS/ (where v3_10_9_rc1 is the release/RC)
+# Copy the RPMs (choose if you want to use the main ot alt repo) and update the YUM repos
+cp distro/v3_10_9_rc1/rpmbuild/RPMS/*rpm /opt/repo/main/
+cd /opt/repo/
+createrepo main/
+createrepo alt/
+```
diff --git a/workspaces/build-workspace/config/build.repo b/workspaces/build-workspace/config/build.repo
new file mode 100644
index 0000000..d1c7acc
--- /dev/null
+++ b/workspaces/build-workspace/config/build.repo
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2020 Fermi Research Alliance, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+[gwms-build]
+name=GlideinWMS Build Server for Enterprise Linux 9 - x86_64
+baseurl=http://build-workspace.glideinwms.org/repo/main/
+enabled=1
+gpgcheck=0
+priority=75
+
+[gwms-build-alt]
+name=GlideinWMS Build Server for Enterprise Linux 9 - x86_64
+baseurl=http://build-workspace.glideinwms.org/repo/alt/
+enabled=0
+gpgcheck=0
+priority=75
diff --git a/workspaces/build-workspace/config/yumrepo.conf b/workspaces/build-workspace/config/yumrepo.conf
new file mode 100644
index 0000000..849a0a7
--- /dev/null
+++ b/workspaces/build-workspace/config/yumrepo.conf
@@ -0,0 +1,13 @@
+# Configuration for the YUM repository
+
+# SPDX-FileCopyrightText: 2020 Fermi Research Alliance, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+Alias /repo /opt/repo
+<Directory /opt/repo>
+    # Apache 2.4
+    Require all granted
+    Options Indexes FollowSymLinks MultiViews
+    #Options -Indexes
+    AllowOverride
+</Directory>
diff --git a/workspaces/build-workspace/scripts/startup.sh b/workspaces/build-workspace/scripts/startup.sh
new file mode 100644
index 0000000..251ce20
--- /dev/null
+++ b/workspaces/build-workspace/scripts/startup.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# SPDX-FileCopyrightText: 2020 Fermi Research Alliance, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+GWMS_DIR=/opt/gwms
+
+bash /opt/scripts/create-host-certificate.sh -d "$GWMS_DIR"/secrets
+systemctl start httpd
diff --git a/workspaces/compose-buildserver.yml b/workspaces/compose-buildserver.yml
new file mode 100644
index 0000000..146a669
--- /dev/null
+++ b/workspaces/compose-buildserver.yml
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2020 Fermi Research Alliance, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+# This compose file deploys the build and YUM server.
+# The build-workspace needs to be privileged, otherwise you will not be able to run mock
+# TODO: use an env variable to parameterize privileged (not needed for OSG koji builds)
+
+services:
+
+  ce-workspace:
+    container_name: build-workspace.glideinwms.org
+    build:
+      context: .
+      cache_from:
+        - ${IMAGE_NAMESPACE-glideinwms}/build-workspace:${IMAGE_LABEL-latest}
+      dockerfile: build-workspace/Dockerfile
+    image: ${IMAGE_NAMESPACE-glideinwms}/build-workspace:${IMAGE_LABEL-latest}
+    privileged: true
+    networks:
+      - gwms
+    hostname: build-workspace.glideinwms.org
+    tty: true
+    stdin_open: true
+    stop_grace_period: 2s
+
+networks:
+  gwms:
+    driver: bridge