diff --git a/installation/movienight.nginx b/installation/movienight.nginx
new file mode 100644
index 0000000..71e110a
--- /dev/null
+++ b/installation/movienight.nginx
@@ -0,0 +1,85 @@
+# For websockets
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+# Configure upstream
+upstream movienight {
+ server localhost:8089;
+}
+
+# Secure redirect
+server {
+ server_name example.com;
+ listen ipv4:80;
+ listen [ipv6]:80;
+ return 301 https://$host$request_uri;
+
+ # Uncomment this if you need to use the 'webroot' method with certbot. Make sure
+ # that you also create the .well-known/acme-challenge directory structure in pleroma/priv/static and
+ # that is is accessible by the webserver. You may need to load this file with the ssl
+ # server block commented out, run certbot to get the certificate, and then uncomment it.
+ #
+ # location ~ /\.well-known/acme-challenge {
+ # root /pleroma/priv/static/;
+ # }
+}
+
+# movienight
+server {
+ server_name example.com;
+
+ # Enable QUIC and HTTP/3.
+ #listen ipv4:port quic reuseport;
+ #listen [ipv6]:port quic reuseport;
+
+ listen ipv4:443;
+ listen [ipv6]:443 ssl http2;
+
+ # TLS
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ #ssl_dhparam /etc/nginx/dhparam.pem; # generate with openssl dhparam -out /etc/nginx/dhparam.pem 4096
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_session_tickets off;
+ ssl_session_timeout 10m;
+ ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+ ssl_ciphers "EECDH+CHACHA20:EECDH+AESGCM";
+
+
+ # HTST
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+
+ # Cert
+ ssl_trusted_certificate /etc/nginx/certs/example.com/cert_ecc.pem;
+ ssl_certificate /etc/nginx/certs/example.com/cert_ecc.pem;
+ ssl_certificate_key /etc/nginx/certs/exaample.com/key_ecc.pem;
+
+ # Allow unlimited upload
+ client_max_body_size 0;
+
+ # Headers
+ # Add Alt-Svc header to negotiate HTTP/3.
+ #add_header alt-svc 'h3-27=":port"; ma=86400';
+
+ location / {
+ proxy_pass http://movienight;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ add_header referrer-policy same-origin;
+ add_header x-content-type-options nosniff;
+ add_header x-download-options noopen;
+ add_header x-frame-options self;
+ add_header x-permitted-cross-domain-policies none;
+ add_header x-xss-protection "1; mode=block;";
+
+ }
+}
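Review bot: The Strict-Transport-Security header set at server scope is never emitted for proxied responses, because the `add_header` directives inside `location /` replace the inherited set rather than extend it; repeat `add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";` inside `location /` (or move every `add_header` to server scope). In the same block, `add_header x-frame-options self;` is not a recognised value — browsers ignore unknown X-Frame-Options values, so it gives no clickjacking protection; use `add_header x-frame-options SAMEORIGIN;` (or `DENY`). Two further lines would keep the config from working as intended: `ssl_certificate_key` points at `exaample.com` while the certificates use `example.com`, and `listen ipv4:443;` lacks the `ssl http2` parameters its IPv6 counterpart has, so IPv4 connections on 443 would be answered in plain HTTP. Less critically, `ssl_trusted_certificate` reuses the leaf file `cert_ecc.pem`; if that is not the full chain, `ssl_stapling_verify` cannot validate OCSP responses, and `x-xss-protection` is a deprecated header that can be dropped.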