diff --git a/.gitignore b/.gitignore
index 14be18d..f1fcaea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
-all-proxy
\ No newline at end of file
+all-proxy
+/docker-compose.override.yml
+
diff --git a/docker-compose.override.tmpl.yml b/docker-compose.override.tmpl.yml
new file mode 100644
index 0000000..7d71fd1
--- /dev/null
+++ b/docker-compose.override.tmpl.yml
@@ -0,0 +1,9 @@
+version: '3.7'
+services:
+ nginx:
+ build:
+ args:
+ nginx_template_data: nginx.yaml
+ tty-proxy:
+ environment:
+ - URL=tty.example.com
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..51e8a73
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,22 @@
+version: '3.7'
+services:
+ nginx:
+ build:
+ context: ./nginx/
+ image: webserver
+ container_name: webserver
+ volumes:
+ # - type: bind
+ # source: ./nginx/nginx.conf
+ # target: /etc/nginx/nginx.conf
+ - ./nginx/log/:/var/log/nginx/
+ - /etc/letsencrypt/:/etc/letsencrypt/
+ ports:
+ - 80:80
+ - 443:443
+ - 3456:3456
+ tty-proxy:
+ container_name: tty-proxy
+ build: ./
+ ports:
+ - 8080:8080
diff --git a/nginx/.gitignore b/nginx/.gitignore
new file mode 100644
index 0000000..569abc6
--- /dev/null
+++ b/nginx/.gitignore
@@ -0,0 +1,5 @@
+nginx.yaml
+nginx.conf
+
+/log/**
+
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
new file mode 100644
index 0000000..ba63731
--- /dev/null
+++ b/nginx/Dockerfile
@@ -0,0 +1,19 @@
+FROM ruby as template
+ARG nginx_template_data=nginx.example.yaml
+
+RUN echo "\e[31m---" \
+ && echo "template_file: ${nginx_template_data} #############" \
+ && echo "---\e[0m"
+
+ADD "./nginx.tmpl.conf" ${nginx_template_data} "/build/"
+RUN gem install mustache \
+ && cd /build \
+ && cat ${nginx_template_data} \
+ && mustache ${nginx_template_data} nginx.tmpl.conf > nginx.conf
+
+
+FROM nginx:latest
+#RUN apt-get update && apt-get install --no-install-recommends --no-install-suggests -y libnginx-mod-stream
+COPY --from=template /build/nginx.conf /etc/nginx/nginx.conf
+
+
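Review bot: In docker-compose.yml the host's `/etc/letsencrypt/` is bind-mounted read-write into the webserver container, so a compromised nginx process could alter the host's private keys and account data, while nginx only needs to read the chain and key referenced in nginx.example.yaml; mount it read-only, `- /etc/letsencrypt/:/etc/letsencrypt/:ro`. The `8080:8080` entry under tty-proxy also publishes the backend on every host interface, although nginx.tmpl.conf in this commit reaches it as `tty-proxy:8080` over the compose network, so the plaintext service is reachable around the TLS front; drop that `ports:` entry, or if it is needed for local testing bind it to loopback with `- 127.0.0.1:8080:8080`. The same read-only consideration applies if the commented-out `nginx.conf` bind mount is ever re-enabled.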
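Review bot: In nginx/Dockerfile both base images are unpinned, `FROM ruby as template` (implicitly `:latest`) and `FROM nginx:latest`, so the template stage and the served image change silently on every rebuild; pin them, `FROM ruby:<pinned-tag> AS template` and `FROM nginx:<pinned-tag>`, and pin the gem too, `gem install mustache -v <pinned-version>`. `ADD "./nginx.tmpl.conf" ${nginx_template_data} "/build/"` copies two local files, which is what `COPY` is for, and `cd /build` inside the `RUN` should be `WORKDIR /build`. The `cat ${nginx_template_data}` step only echoes whatever the real `nginx.yaml` contains into the build log and can be dropped once the template renders correctly.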
diff --git a/nginx/install_certbot_hooks.sh b/nginx/install_certbot_hooks.sh
new file mode 100755
index 0000000..7cd4dd1
--- /dev/null
+++ b/nginx/install_certbot_hooks.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+hook_dir=/etc/letsencrypt/renewal-hooks
+
+project_root="$(git rev-parse --show-toplevel)"
+shebang="#!/bin/sh"
+
+
+sudo cat << EOF > "$hook_dir/pre/tty-proxy.sh"
+$shebang
+
+docker-compose -f "$project_root/docker-compose.yml" down
+EOF
+
+sudo cat << EOF > "$hook_dir/post/tty-proxy.sh"
+$shebang
+
+docker-compose -f "$project_root/docker-compose.yml" up -d
+EOF
+
+sudo chmod 755 "$hook_dir/pre/tty-proxy.sh"
+sudo chmod 755 "$hook_dir/post/tty-proxy.sh"
+
diff --git a/nginx/nginx.example.yaml b/nginx/nginx.example.yaml
new file mode 100644
index 0000000..0726ad3
--- /dev/null
+++ b/nginx/nginx.example.yaml
@@ -0,0 +1,4 @@
+your_subdomain: tty.example.com
+ssl:
+ chain: /etc/letsencrypt/live/tty.example.com/fullchain.pem
+ key: /etc/letsencrypt/live/tty.example.com/privkey.pem
diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf
new file mode 100644
index 0000000..56a7a7f
--- /dev/null
+++ b/nginx/nginx.tmpl.conf
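Review bot: The `sudo` on `sudo cat << EOF > "$hook_dir/pre/tty-proxy.sh"` (and the post-hook twin) covers only `cat`; the `>` redirection is opened by the unprivileged calling shell, so on a host where `/etc/letsencrypt/renewal-hooks` is root-owned the script fails with permission denied before anything is written, unless it is itself run as root. Let the privileged process open the file instead: `sudo tee "$hook_dir/pre/tty-proxy.sh" > /dev/null << EOF` and `sudo tee "$hook_dir/post/tty-proxy.sh" > /dev/null << EOF`. Adding `set -euo pipefail` after the shebang would also stop a failed `git rev-parse --show-toplevel` (run outside the checkout) from installing hooks with an empty `project_root`, which would otherwise point `docker-compose -f` at `/docker-compose.yml`.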
@@ -0,0 +1,121 @@
+# Define a yaml with:
+# ---
+# your_subdomain: https://whatever.whatever.whatever
+# ssl:
+# chain: path_to_your_chain
+# key: path_to_your_key
+#
+# ---
+
+# Module is loaded by default on container
+# load_module modules/ngx_stream_module.so;
+
+events {
+ worker_connections 1024; ## Default: 1024
+}
+# You may have to install the stream module separately
+
+
+stream {
+ upstream backend {
+ server tty-proxy:3456;
+ }
+ log_format json_combined escape=json
+ '{'
+ '"time_local":"$time_local",'
+ '"remote_addr":"$remote_addr",'
+ '"remote_port":"$remote_port",'
+ '"hostname": "$hostname",'
+ '"status": "$status",'
+ '"bytes_sent":"$bytes_sent",'
+ '"bytes_received":"$bytes_received",'
+ '"connection":"$connection"'
+ '}';
+ # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server
+ # the tty-server tcp connection ssl proxy
+ server {
+ # If ssl is given
+ {{#ssl}}
+ listen 3456 ssl so_keepalive=30m::10;
+ # proxy_ssl off means terminate ssl here which is good.
+ proxy_ssl off;
+ ssl_certificate {{ssl.chain}};
+ ssl_certificate_key {{ssl.key}};
+ {{/ssl}}
+
+ # If ssl is empty or missing
+ {{^ssl}}
+ listen 127.0.0.1:3456;
+ {{/ssl}}
+
+ proxy_pass backend;
+ access_log /var/log/nginx/stream.log json_combined;
+ }
+}
+
+http {
+ log_format json_combined escape=json
+ '{'
+ '"time_local":"$time_local",'
+ '"remote_addr":"$remote_addr",'
+ '"remote_user":"$remote_user",'
+ '"request":"$request",'
+ '"status": "$status",'
+ '"body_bytes_sent":"$body_bytes_sent",'
+ '"request_time":"$request_time",'
+ '"http_referrer":"$http_referer",'
+ '"http_user_agent":"$http_user_agent"'
+ '}';
+
+ # if ssl is given
+ {{#ssl}}
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ server {
+ listen 80;
+ server_name {{your_subdomain}};
+ return 301 https://{{your_subdomain}}$request_uri;
+ }
+
+ server {
+ listen 443 ssl;
+ server_name {{your_subdomain}};
+
+ ssl_certificate {{ssl.chain}};
+ ssl_certificate_key {{ssl.key}};
+
+ access_log /var/log/nginx/data-access.log json_combined;
+
+ location / {
+ proxy_pass http://tty-proxy:8080;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_redirect http://tty-proxy $scheme://$http_host/;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_read_timeout 20d;
+ proxy_buffering off;
+ }
+ }
+
+ {{/ssl}}
+
+ # if ssl is not given
+ {{^ssl}}
+ server {
+ listen 127.0.0.1:80;
+
+ server_name {{your_subdomain}};
+ location / {
+ proxy_pass http://tty-proxy:8080;
+ }
+ }
+ {{/ssl}}
+
+}
diff --git a/nginx/tty-proxy_post_hook.sh b/nginx/tty-proxy_post_hook.sh
new file mode 100755
index 0000000..493b274
--- /dev/null
+++ b/nginx/tty-proxy_post_hook.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+docker-compose -f /home/ubuntu/projects/tty-proxy/docker-compose.yml up -d
+
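Review bot: Both TLS listeners, `listen 3456 ssl so_keepalive=30m::10;` in the stream server and `listen 443 ssl;` in the http server, set a certificate and key but no `ssl_protocols`, so the accepted TLS versions are whatever the `nginx:latest` build defaults to, which has varied across releases and in older ones includes TLSv1 and TLSv1.1; add `ssl_protocols TLSv1.2 TLSv1.3;` next to the `ssl_certificate` lines in each block so the policy does not depend on the base image tag. The comment above `proxy_ssl off;` is also misleading: termination happens because of `listen ... ssl`, while `proxy_ssl off` only says the hop to `tty-proxy:3456` is plain TCP; I would reword it to `# TLS is terminated by "listen ... ssl"; proxy_ssl off keeps the hop to tty-proxy unencrypted`. The `{{^ssl}}` fallbacks bind to `127.0.0.1` inside the container, which presumably is unreachable through the `80:80` port mapping in docker-compose.yml, so it is worth confirming that the non-TLS path is only meant for running nginx outside compose.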
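Review bot: The compose path in nginx/tty-proxy_post_hook.sh is hard-coded to `/home/ubuntu/projects/tty-proxy/docker-compose.yml`, and the pre hook in nginx/tty-proxy_pre_hook.sh uses `home/ubuntu/tty-proxy/docker-compose.yml`, which names a different directory and has no leading slash, so `docker-compose -f` resolves it relative to whatever working directory certbot runs the hook from and the pre hook will not find the file. nginx/install_certbot_hooks.sh in this same commit already generates both hooks from `git rev-parse --show-toplevel`; either drop these two checked-in copies or make them agree with the generated ones, e.g. `docker-compose -f "$(dirname "$0")/../docker-compose.yml" down` if they are meant to be run from the checkout.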
diff --git a/nginx/tty-proxy_pre_hook.sh b/nginx/tty-proxy_pre_hook.sh
new file mode 100755
index 0000000..0139a15
--- /dev/null
+++ b/nginx/tty-proxy_pre_hook.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+docker-compose -f home/ubuntu/tty-proxy/docker-compose.yml down
+