diff --git a/graph/configurations/docker-mcp-gateway-lxc-303-setup-with-persistent-config-and-1a8753.md b/graph/configurations/docker-mcp-gateway-lxc-303-setup-with-persistent-config-and-1a8753.md
new file mode 100644
index 00000000000..bd2ece1b2e1
--- /dev/null
+++ b/graph/configurations/docker-mcp-gateway-lxc-303-setup-with-persistent-config-and-1a8753.md
@@ -0,0 +1,42 @@
+---
+id: 1a875380-4385-4e5c-9f46-5d33d28da7eb
+type: configuration
+title: "Docker MCP Gateway LXC 303 setup with persistent config and secrets"
+tags: [docker-mcp-gateway, mcp, homelab, proxmox, lxc-303, configuration]
+importance: 0.8
+confidence: 0.8
+created: "2026-02-24T01:52:35.801332+00:00"
+updated: "2026-02-24T01:52:35.801332+00:00"
+---
+
+# Docker MCP Gateway LXC 303 Setup
+
+## Infrastructure
+- **LXC:** 303, **IP:** 10.10.0.231, **SSH alias:** `mcp-gateway`
+- **Container:** `docker/mcp-gateway` v2.0.1 on port 8811
+- **Claude Code connection:** `http://10.10.0.231:8811/mcp` in `~/.claude.json` under `mcpServers.docker-mcp-gateway` (type: http)
+
+## Docker Run Command
+```bash
+docker run -d --name mcp-gateway --restart unless-stopped -p 8811:8811 \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  -v /home/cal/mcp-gateway/secrets.env:/secrets/secrets.env:ro \
+  -v /home/cal/mcp-gateway/config/config.yaml:/root/.docker/mcp/config.yaml \
+  -v /home/cal/mcp-gateway/config/registry.yaml:/root/.docker/mcp/registry.yaml \
+  -v /home/cal/mcp-gateway/gitea-catalog.yaml:/catalogs/gitea-catalog.yaml:ro \
+  docker/mcp-gateway \
+  --transport=streaming --port=8811 \
+  --secrets=/secrets/secrets.env \
+  --additional-catalog=/catalogs/gitea-catalog.yaml \
+  --servers=n8n --servers=gitea
+```
+
+## Files on LXC at `/home/cal/mcp-gateway/`
+- `secrets.env` — contains `n8n.api_key=<JWT>` and `gitea.token=<token>`
+- `config/config.yaml` — server configs (n8n api_url, gitea host)
+- `config/registry.yaml` — enabled servers registry
+- `gitea-catalog.yaml` — custom catalog entry for Gitea MCP server
+
+## Notes
+- Servers n8n and gitea are pre-started via `--servers` flag to bypass secrets validation issues on headless Docker Engine (no Docker Desktop)
+- BUILDS_ON n8n-mcp local setup, RELATED_TO CT 302 claude-runner (5da446)