diff --git a/config/nginx/logs/.gitignore b/config/nginx/logs/.gitignore
new file mode 100644
index 0000000..c96a04f
--- /dev/null
+++ b/config/nginx/logs/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
\ No newline at end of file
diff --git a/config/nginx/mime.types b/config/nginx/mime.types
new file mode 100644
index 0000000..eb9a9ca
--- /dev/null
+++ b/config/nginx/mime.types
@@ -0,0 +1,49 @@
+types {
+  text/html                             html htm shtml;
+  text/css                              css;
+  text/xml                              xml rss;
+  image/gif                             gif;
+  image/jpeg                            jpeg jpg;
+  application/x-javascript              js;
+  text/plain                            txt;
+  text/x-component                      htc;
+  text/mathml                           mml;
+  image/png                             png;
+  image/x-icon                          ico;
+  image/x-jng                           jng;
+  image/vnd.wap.wbmp                    wbmp;
+  image/svg+xml                         svg svgz;
+  application/java-archive              jar war ear;
+  application/mac-binhex40              hqx;
+  application/pdf                       pdf;
+  application/x-cocoa                   cco;
+  application/x-java-archive-diff       jardiff;
+  application/x-java-jnlp-file          jnlp;
+  application/x-makeself                run;
+  application/x-perl                    pl pm;
+  application/x-pilot                   prc pdb;
+  application/x-rar-compressed          rar;
+  application/x-redhat-package-manager  rpm;
+  application/x-sea                     sea;
+  application/x-shockwave-flash         swf;
+  application/x-stuffit                 sit;
+  application/x-tcl                     tcl tk;
+  application/x-x509-ca-cert            der pem crt;
+  application/x-xpinstall               xpi;
+  application/zip                       zip;
+  application/octet-stream              deb;
+  application/octet-stream              bin exe dll;
+  application/octet-stream              dmg;
+  application/octet-stream              eot;
+  application/octet-stream              iso img;
+  application/octet-stream              msi msp msm;
+  audio/mpeg                            mp3;
+  audio/x-realaudio                     ra;
+  video/mpeg                            mpeg mpg;
+  video/quicktime                       mov;
+  video/x-flv                           flv;
+  video/x-msvideo                       avi;
+  video/x-ms-wmv                        wmv;
+  video/x-ms-asf                        asx asf;
+  video/x-mng                           mng;
+}
\ No newline at end of file
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
new file mode 100644
index 0000000..ba54f50
--- /dev/null
+++ b/config/nginx/nginx.conf
@@ -0,0 +1,31 @@
+user       nobody nobody;
+worker_processes  4;
+error_log  logs/error.log;
+pid        logs/nginx.pid;
+worker_rlimit_nofile 8192;
+
+events {
+  worker_connections  4096;  ## Default: 1024
+}
+
+http {
+  include    mime.types;
+  include    proxy.conf;
+  index    index.html index.htm;
+
+  default_type application/octet-stream;
+  log_format   main '$remote_addr - $remote_user [$time_local]  $status '
+    '"$request" $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+  access_log   logs/access.log  main;
+  sendfile     on;
+  tcp_nopush   on;
+  server_names_hash_bucket_size 128; # this seems to be required for some vhosts
+
+  server {
+    listen 80;
+    location / {
+      proxy_pass http://server;
+    }
+  }
+}
\ No newline at end of file
diff --git a/config/nginx/proxy.conf b/config/nginx/proxy.conf
new file mode 100644
index 0000000..0906ee1
--- /dev/null
+++ b/config/nginx/proxy.conf
@@ -0,0 +1,10 @@
+proxy_redirect          off;
+proxy_set_header        Host            $host;
+proxy_set_header        X-Real-IP       $remote_addr;
+proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+client_max_body_size    10m;
+client_body_buffer_size 128k;
+proxy_connect_timeout   90;
+proxy_send_timeout      90;
+proxy_read_timeout      90;
+proxy_buffers           32 4k;
\ No newline at end of file
diff --git a/docker-compose.dev b/docker-compose.dev
index dba401d..c543023 100644
--- a/docker-compose.dev
+++ b/docker-compose.dev
@@ -7,7 +7,6 @@ services:
     volumes:
       - './:/opt/code'
     ports:
-      - '${APP_PORT}:${APP_PORT}'
       - '9229:9229'
     env_file: ./.env
     environment:
@@ -21,6 +20,14 @@ services:
       - '6379:6379'
     networks:
       - homepage
+  nginx:
+    image: nginx:alpine
+    ports:
+      - '${APP_PORT}:80'
+    networks:
+      - homepage
+    volumes:
+      - './config/nginx:/etc/nginx'
   db:
     image: postgres:alpine
     ports:
diff --git a/docker-compose.prod b/docker-compose.prod
index deec8ba..b6fa1c6 100644
--- a/docker-compose.prod
+++ b/docker-compose.prod
@@ -7,8 +7,6 @@ services:
       dockerfile: Dockerfile
     volumes:
       - './:/opt/code'
-    ports:
-      - '${APP_PORT}:${APP_PORT}'
     env_file: ./.env
     environment:
       APP_PORT: '${APP_PORT}'
@@ -19,6 +17,14 @@ services:
     image: redis:alpine
     networks:
       - homepage
+  nginx:
+    image: nginx:alpine
+    ports:
+      - '${APP_PORT}:80'
+    networks:
+      - homepage
+    volumes:
+      - './config/nginx:/etc/nginx'
   db:
     restart: always
     image: postgres:alpine
diff --git a/index.js b/index.js
index c0aea5d..6a2c4c8 100644
--- a/index.js
+++ b/index.js
@@ -13,7 +13,9 @@ const app = express();
 const session = require('express-session');
 const bodyparser = require('body-parser');
 
-const { APP_PORT } = process.env;
+// this runs behind nginx now, which handles
+// the external port
+const APP_PORT = 80; // process.env;
 
 app.set('trust proxy', process.env.TRUST_PROXY);