diff --git a/Nginx-Reverse-Proxy.md b/Nginx-Reverse-Proxy.md
new file mode 100644
index 0000000..4c529cc
--- /dev/null
+++ b/Nginx-Reverse-Proxy.md
@@ -0,0 +1,28 @@
+This is a very basic config, secured with Let's Encrypt. Any log is disabled by default. Do not forget to replace `server_name` with your domain.   
+
+```
+server {
+	listen 80;
+	listen [::]:80;
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	server_name invidious.domain.tld;
+
+	access_log off;
+	error_log /var/log/nginx/error.log crit;
+
+	ssl_certificate /etc/letsencrypt/live/invidious.domain.tld/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/invidious.domain.tld/privkey.pem;
+
+	location / {
+		proxy_pass http://127.0.0.1:3000/;
+		proxy_set_header X-Forwarded-For $remote_addr;
+		proxy_set_header Host $host;	# so invidious knows domain
+		proxy_http_version 1.1;		# to keep alive
+		proxy_set_header Connection "";	# to keep alive
+	}
+
+	if ($https = '') { return 301 https://$host$request_uri; }	# if not connected to https, perma redirect to https 
+}
+```
\ No newline at end of file