diff --git a/etc/nginx/conf.d/sites_miniflux.conf b/etc/nginx/conf.d/sites_miniflux.conf
new file mode 100644
index 0000000..1b1bde5
--- /dev/null
+++ b/etc/nginx/conf.d/sites_miniflux.conf
@@ -0,0 +1,27 @@
+server {
+    listen ipv4_1:443 quic reuseport;
+    listen ipv4_1:443 ssl;
+    listen [ipv6_1]:443 quic reuseport;
+    listen [ipv6_1]:443 ssl;
+
+    server_name miniflux.yourdomain.tld;
+
+    ssl_certificate /etc/letsencrypt/live/miniflux.yourdomain.tld/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/miniflux.yourdomain.tld/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/miniflux.yourdomain.tld/chain.pem;
+    ssl_stapling_file  /var/cache/certbot-ocsp-fetcher/miniflux.yourdomain.tld.der;
+
+    include snippets/universal_paths.conf;
+    include snippets/hsts.conf;
+    include snippets/security.conf;
+    include snippets/cross-origin-security.conf;
+    include snippets/quic.conf;
+    include snippets/proxy.conf;
+
+    proxy_hide_header Content-Security-Policy;
+    add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; frame-src *; img-src *; manifest-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'";
+
+    location / {
+        proxy_pass http://127.0.0.1:8080;
+    }
+}
\ No newline at end of file