diff --git a/nginx-conf/freechat.conf b/nginx-conf/freechat.conf
new file mode 100644
index 0000000..941a9e3
--- /dev/null
+++ b/nginx-conf/freechat.conf
@@ -0,0 +1,18 @@
+server {
+ # Freechat servers should not bother adding support for unencrypted trafic
+ listen 443 ssl; # default_server;
+ listen [::]:443 ssl; # default_server;
+
+ # Uncomment this line if you are self signing your certs
+ #include snippets/self-signed.conf;
+
+ # General SSL/TLS settings for nginx
+ include snippets/ssl-params.conf;
+
+ server_name _;
+
+ location / {
+ proxy_pass http://0.0.0.0:4536;
+ }
+}
+
diff --git a/nginx-conf/readme.md b/nginx-conf/readme.md
new file mode 100644
index 0000000..15900e5
--- /dev/null
+++ b/nginx-conf/readme.md
@@ -0,0 +1,3 @@
+# Configs for Nginx Reverse Proxy
+
+The above are ultra minimal configs for setting up nginx.
diff --git a/nginx-conf/self-signed.conf b/nginx-conf/self-signed.conf
new file mode 100644
index 0000000..e27a200
--- /dev/null
+++ b/nginx-conf/self-signed.conf
@@ -0,0 +1,4 @@
+# This should only be used if you are planning on self signing
+
+ssl_certificate /etc/ssl/certs/freechat.crt;
+ssl_certificate_key /etc/ssl/private/freechat.key;
diff --git a/nginx-conf/ssl-params.conf b/nginx-conf/ssl-params.conf
new file mode 100644
index 0000000..5e393c2
--- /dev/null
+++ b/nginx-conf/ssl-params.conf
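Review bot: With `#include snippets/self-signed.conf;` commented out, this server block has no active `ssl_certificate`/`ssl_certificate_key` (ssl-params.conf defines none either), so `listen 443 ssl` leaves nginx without a certificate and it will refuse the configuration (or fail every handshake on older builds) until one is supplied; the comment above the include should say that a certificate snippet is mandatory, not optional. The include paths `snippets/self-signed.conf` and `snippets/ssl-params.conf` also do not match where the files are added (`nginx-conf/`), so either the readme should state that they are expected to be copied into nginx's `snippets/` directory or the includes should be adjusted. `proxy_pass http://0.0.0.0:4536;` relies on 0.0.0.0 being accepted as a loopback destination, which is platform-dependent; `proxy_pass http://127.0.0.1:4536;` makes the intent explicit, and the location would normally also carry `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` so the upstream sees the real client. The comment on the second line misspells "traffic".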
@@ -0,0 +1,20 @@
+ssl_protocols TLSv1 TLSV1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_ecdh_curve secp384r1;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 8.8.8.8 8.8.4.4 valid=300s;
+resolver_timeout 5s;
+# Disable preloading HSTS for now. You can use the commented out header line that includes
+# the "preload" directive if you understand the implications.
+#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+
+# literal misspelling
+ssl_dhparam /etc/ssl/certs/nginx-dev.pem;
+
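Review bot: `ssl_protocols TLSv1 TLSV1.1 TLSv1.2;` on the first line of the hunk still offers TLS 1.0 and 1.1, which are deprecated and should not be enabled by a new deployment whose whole purpose is "no unencrypted traffic"; `ssl_protocols TLSv1.2 TLSv1.3;` is the appropriate line, and it also removes the oddly capitalised `TLSV1.1`, which looks like a typo. The `# literal misspelling` comment above `ssl_dhparam` does not say what is misspelled — presumably `nginx-dev.pem` is not the file name the author intended — so the comment should name the intended path (or the line should be fixed) rather than leave the reader guessing. `ssl_stapling on` with `ssl_stapling_verify on` only has effect when the served certificate carries an OCSP responder and the chain is verifiable; with the self-signed snippet it will presumably just log a warning, which is worth a comment. `resolver 8.8.8.8 8.8.4.4` hard-codes a public DNS service for OCSP lookups; a comment that operators should point this at their own resolver would be helpful.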