diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 00000000..7490d8c9
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,29 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Test
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby:
+          - "2.5"
+          - "2.6"
+          - "2.7"
+          - "jruby-9.2"
+    steps:
+    - uses: actions/checkout@v2
+    - name: Run tests with Ruby ${{ matrix.ruby }}
+      run: docker-compose run ci-${{ matrix.ruby }}
diff --git a/.travis.yml b/.travis.yml
index 8af7d10e..19efdf86 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,6 +18,7 @@ rvm:
 addons:
   hosts:
     - ldap.example.org # needed for TLS verification
+    - cert.mismatch.example.org
 
 services:
   - docker
diff --git a/ci-run.sh b/ci-run.sh
new file mode 100755
index 00000000..27024a77
--- /dev/null
+++ b/ci-run.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+gem install bundler
+bundle check || bundle install
+bundle exec rake ci
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..f8cce189
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,81 @@
+version: "3.8"
+
+networks:
+  integration_test_network:
+
+services:
+  openldap:
+    image: osixia/openldap:1.4.0
+    networks:
+      integration_test_network:
+        aliases:
+          - ldap.example.org
+          - cert.mismatch.example.org
+    environment:
+      LDAP_TLS_VERIFY_CLIENT: "try"
+      LDAP_SEED_INTERNAL_LDIF_PATH: "/ldif"
+    healthcheck:
+      test: ["CMD", "ldapsearch", "-x", "-s", "base"]
+      interval: 60s
+      start_period: 30s
+      timeout: 5s
+      retries: 1
+    hostname: "ldap.example.org"
+    volumes:
+      - ./test/fixtures/ldif:/ldif:ro
+
+  ci-2.5:
+    image: ruby:2.5
+    entrypoint: /code/ci-run.sh
+    environment:
+      INTEGRATION: openldap
+      INTEGRATION_HOST: ldap.example.org
+    depends_on:
+      - openldap
+    networks:
+      integration_test_network:
+    volumes:
+      - .:/code
+    working_dir: /code
+
+  ci-2.6:
+    image: ruby:2.7
+    entrypoint: /code/ci-run.sh
+    environment:
+      INTEGRATION: openldap
+      INTEGRATION_HOST: ldap.example.org
+    depends_on:
+      - openldap
+    networks:
+      integration_test_network:
+    volumes:
+      - .:/code
+    working_dir: /code
+
+  ci-2.7:
+    image: ruby:2.7
+    entrypoint: /code/ci-run.sh
+    environment:
+      INTEGRATION: openldap
+      INTEGRATION_HOST: ldap.example.org
+    depends_on:
+      - openldap
+    networks:
+      integration_test_network:
+    volumes:
+      - .:/code
+    working_dir: /code
+
+  ci-jruby-9.2:
+    image: jruby:9.2
+    entrypoint: /code/ci-run.sh
+    environment:
+      INTEGRATION: openldap
+      INTEGRATION_HOST: ldap.example.org
+    depends_on:
+      - openldap
+    networks:
+      integration_test_network:
+    volumes:
+      - .:/code
+    working_dir: /code
diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb
index 5bae8ffa..bb7dfb3e 100644
--- a/test/integration/test_bind.rb
+++ b/test/integration/test_bind.rb
@@ -57,7 +57,7 @@ def test_bind_tls_with_bad_hostname_verify_none_no_ca_passes
   end
 
   def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes
-    @ldap.host = '127.0.0.1'
+    @ldap.host = 'cert.mismatch.example.org'
     @ldap.encryption(
       method:      :start_tls,
       tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
@@ -67,7 +67,7 @@ def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes
   end
 
   def test_bind_tls_with_bad_hostname_verify_peer_ca_fails
-    @ldap.host = '127.0.0.1'
+    @ldap.host = 'cert.mismatch.example.org'
     @ldap.encryption(
       method:      :start_tls,
       tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER,
@@ -84,7 +84,7 @@ def test_bind_tls_with_bad_hostname_verify_peer_ca_fails
   end
 
   def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails
-    @ldap.host = '127.0.0.1'
+    @ldap.host = 'cert.mismatch.example.org'
     @ldap.encryption(
       method:      :start_tls,
       tls_options: TLS_OPTS.merge(ca_file: CA_FILE),
@@ -100,7 +100,7 @@ def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails
   end
 
   def test_bind_tls_with_bad_hostname_ca_no_opt_merge_fails
-    @ldap.host = '127.0.0.1'
+    @ldap.host = 'cert.mismatch.example.org'
     @ldap.encryption(
       method:      :start_tls,
       tls_options: { ca_file: CA_FILE },
@@ -138,7 +138,7 @@ def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes
   end
 
   def test_bind_tls_with_bogus_hostname_system_ca_fails
-    @ldap.host = '127.0.0.1'
+    @ldap.host = 'cert.mismatch.example.org'
     @ldap.encryption(method: :start_tls, tls_options: {})
     error = assert_raise Net::LDAP::Error,
                          Net::LDAP::ConnectionRefusedError do
@@ -164,7 +164,7 @@ def test_bind_tls_with_multiple_hosts
 
   def test_bind_tls_with_multiple_bogus_hosts
     @ldap.host = nil
-    @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
+    @ldap.hosts = [['cert.mismatch.example.org', 389], ['bogus.example.com', 389]]
     @ldap.encryption(
       method:      :start_tls,
       tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER,
@@ -180,7 +180,7 @@ def test_bind_tls_with_multiple_bogus_hosts
 
   def test_bind_tls_with_multiple_bogus_hosts_no_verification
     @ldap.host = nil
-    @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
+    @ldap.hosts = [['cert.mismatch.example.org', 389], ['bogus.example.com', 389]]
     @ldap.encryption(
       method:      :start_tls,
       tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE),
@@ -191,7 +191,7 @@ def test_bind_tls_with_multiple_bogus_hosts_no_verification
 
   def test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails
     @ldap.host = nil
-    @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]]
+    @ldap.hosts = [['cert.mismatch.example.org', 389], ['bogus.example.com', 389]]
     @ldap.encryption(
       method: :start_tls,
       tls_options: { ca_file: CA_FILE },

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/ruby-ldap/ruby-net-ldap/pull/376.diff" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/ruby-ldap/ruby-net-ldap/pull/376.diff" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/ruby-ldap/ruby-net-ldap/pull/376.diff" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/ruby-ldap/ruby-net-ldap/pull/376.diff" target="_blank">pFad v4 Proxy</a></p></body>
</html>