diff --git a/abra.sh b/abra.sh
index 7c5fe57..c412875 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1 +1,2 @@
 export APP_ENTRYPOINT_VERSION=v1
+export NGINX_CONFIG_VERSION=v1
diff --git a/compose.yml b/compose.yml
index 135fda2..97b309a 100644
--- a/compose.yml
+++ b/compose.yml
@@ -2,6 +2,27 @@
 version: "3.8"
 
 services:
+  web:
+    image: nginx:1.20.0
+    networks:
+      - proxy
+      - internal
+    environment:
+      - DOMAIN
+      - STACK_NAME
+    configs:
+      - source: nginx_config
+        target: /etc/nginx/nginx.conf
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+
   app:
     image: "lscr.io/linuxserver/calibre-web:0.6.14"
     environment:
@@ -15,28 +36,14 @@ services:
       - config:/config
       - books:/books
     networks:
-      - proxy
+      - internal
     configs:
       - source: app_entrypoint
         target: /config/custom-cont-init.d/entrypoint.sh
         mode: 0555
-    deploy:
-      restart_policy:
-        condition: on-failure
-      labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8083"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8083"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
 
 networks:
+  internal:
   proxy:
     external: true
 
@@ -49,3 +56,7 @@ configs:
     name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
     file: entrypoint.sh.tmpl
     template_driver: golang
+  nginx_config:
+    name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}
+    file: nginx.conf.tmpl
+    template_driver: golang
diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl
new file mode 100644
index 0000000..32798b0
--- /dev/null
+++ b/nginx.conf.tmpl
@@ -0,0 +1,29 @@
+user www-data;
+
+events {
+  worker_connections 768;
+}
+
+http {
+  upstream backend {
+    server {{ env "STACK_NAME" }}_app:8083;
+  }
+
+  include /etc/nginx/mime.types;
+
+  server {
+    listen 80;
+    server_name {{ env "DOMAIN" }};
+
+    client_max_body_size 20M;
+
+    location / {
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host            $host;
+      proxy_set_header X-Real-IP       $remote_addr;
+      proxy_set_header X-Scheme        https;
+
+      proxy_pass http://backend;
+    }
+  }
+}