diff --git a/stechuhr.server.nginx.config b/stechuhr.server.nginx.config
new file mode 100644
index 0000000000000000000000000000000000000000..e7bc1d147d8d86e148d66dc21ce993cd965a3982
--- /dev/null
+++ b/stechuhr.server.nginx.config
@@ -0,0 +1,37 @@
+server {
+        server_name     stechuhr.server;
+
+        add_header      Cache-Control   no-cache;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload;";
+        add_header x-frame-options SAMEORIGIN;
+        add_header X-Content-Type-Options nosniff;
+        add_header X-XSS-Protection "1; mode=block";
+
+        listen 80;
+        listen [::]:80;
+
+        client_max_body_size 10M;
+        client_body_buffer_size 128k;
+
+        access_log /var/log/nginx/stechuhr.server-access.log;
+        error_log /var/log/nginx/stechuhr.server-error.log;
+
+        location / {
+                proxy_set_header Host $host;
+                proxy_set_header X-Forwarded-Host $host;
+                proxy_set_header X-Forwarded-Server $host;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+                
+                proxy_redirect http://127.0.0.1:5000/ /;
+                proxy_pass http://127.0.0.1:5000;
+                proxy_read_timeout 86400s;
+                proxy_send_timeout 86400s;
+                allow all; # Any IP can perform any other requests
+
+                add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
+                add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS';
+        }
+}
\ No newline at end of file