diff --git a/app.ini b/app.ini
new file mode 100644
index 0000000..c835722
--- /dev/null
+++ b/app.ini
@@ -0,0 +1,77 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = gitea
+WORK_PATH = /var/lib/gitea/
+RUN_MODE = prod
+
+[database]
+DB_TYPE = postgres
+HOST = 127.0.0.1:5432
+NAME = giteadb
+USER = gitea
+PASSWD = [REDACTED]
+SCHEMA =
+SSL_MODE = disable
+PATH = /var/lib/gitea/data/gitea.db
+LOG_SQL = false
+
+[repository]
+ROOT = /var/lib/gitea/data/gitea-repositories
+
+[server]
+SSH_DOMAIN = git.miti.sh
+DOMAIN = git.miti.sh
+HTTP_PORT = 3000
+ROOT_URL = https://git.miti.sh
+APP_DATA_PATH = /var/lib/gitea/data
+DISABLE_SSH = false
+SSH_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = [REDACTED]
+OFFLINE_MODE = true
+
+[lfs]
+PATH = /var/lib/gitea/data/lfs
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+DISABLE_REGISTRATION = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /var/lib/gitea/log
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[security]
+INSTALL_LOCK = true
+INTERNAL_TOKEN = [REDACTED]
+PASSWORD_HASH_ALGO = pbkdf2
+
+[oauth2]
+JWT_SECRET = [REDACTED]
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 1496207..714f3cd 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -7,15 +7,22 @@ events {
 
 http {
     server {
-        listen 8080;
+        listen 80;
+        listen 443 ssl;
 
         include mime.types;
         charset utf-8;
         default_type text/html;
 
+	ssl_certificate /var/www/certs/miti.sh/fullchain.pem;
+	ssl_certificate_key /var/www/certs/miti.sh/privkey.pem;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+
         try_files $uri $uri/ $uri.html =404;
 
-        # return `/posts/index.html` from `/posts`
         location = /posts {
             rewrite ^ /posts/ break;
         }
@@ -30,4 +37,32 @@ http {
             alias css;
         }
     }
+
+    server {
+	listen 443 ssl;
+	server_name git.miti.sh;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+
+	location / {
+            client_max_body_size 1024M;
+            proxy_pass http://localhost:3000;
+            proxy_set_header Connection $http_connection;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+
+    server {
+	server_name apps.miti.sh;
+
+        location ^~ /.well-known/acme-challenge {
+            alias /var/www/dehydrated;
+        }
+    }
 }