diff --git a/cert-monitor.sh b/cert-monitor.sh
index c4481fc..d424207 100755
--- a/cert-monitor.sh
+++ b/cert-monitor.sh
@@ -5,11 +5,12 @@ CERT_PATH="/snikket/letsencrypt/live/$SNIKKET_DOMAIN/cert.pem"
 export SNIKKET_TWEAK_HTTP_PORT=${SNIKKET_TWEAK_HTTP_PORT-80}
 export SNIKKET_TWEAK_HTTPS_PORT=${SNIKKET_TWEAK_HTTPS_PORT-443}
 export SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${SNIKKET_TWEAK_INTERNAL_HTTP_PORT-5280}
+export SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_PORT=${SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_PORT-8000}
 
 while sleep 10; do
 	if test -f "$CERT_PATH"; then
 		for proto in http https; do
-			envsubst '$SNIKKET_DOMAIN $SNIKKET_TWEAK_HTTP_PORT $SNIKKET_TWEAK_HTTPS_PORT $SNIKKET_TWEAK_INTERNAL_HTTP_PORT' \
+			envsubst '$SNIKKET_DOMAIN $SNIKKET_TWEAK_HTTP_PORT $SNIKKET_TWEAK_HTTPS_PORT $SNIKKET_TWEAK_INTERNAL_HTTP_PORT $SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_PORT' \
 			  < /etc/nginx/templates/$proto \
 			  > /etc/nginx/sites-enabled/$proto;
 		done
diff --git a/nginx/http.template b/nginx/http.template
index 165afb4..3fcd1c1 100644
--- a/nginx/http.template
+++ b/nginx/http.template
@@ -6,15 +6,23 @@ server {
     server_name groups.${SNIKKET_DOMAIN};
     server_name share.${SNIKKET_DOMAIN};
 
+    root /var/www/html;
+
     location / {
+        try_files $uri @portal;
+    }
+
+    location @portal {
+        proxy_pass http://localhost:${SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_PORT};
+        proxy_set_header  Host            $host;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Forwarded-Proto https;
+    }
+
+    location /_/ {
         proxy_pass http://localhost:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT}/;
         proxy_set_header  Host            $host;
         proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header  X-Forwarded-Proto http;
-    }
-
-    location ^~ /.well-known/acme-challenge {
-        allow all;
-        alias /var/www/html/.well-known/acme-challenge;
+        proxy_set_header  X-Forwarded-Proto https;
     }
 }
diff --git a/nginx/https.template b/nginx/https.template
index 6827438..0a36762 100644
--- a/nginx/https.template
+++ b/nginx/https.template
@@ -15,15 +15,21 @@ server {
     server_name groups.${SNIKKET_DOMAIN};
     server_name share.${SNIKKET_DOMAIN};
 
+    root /var/www/html;
+
     location / {
-        proxy_pass http://localhost:8000/;
+        try_files $uri @portal;
+    }
+
+    location @portal {
+        proxy_pass http://localhost:${SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_PORT};
         proxy_set_header  Host            $host;
         proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header  X-Forwarded-Proto https;
     }
 
     location /_/ {
-        proxy_pass http://localhost:5280/;
+        proxy_pass http://localhost:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT}/;
         proxy_set_header  Host            $host;
         proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header  X-Forwarded-Proto https;