diff --git a/paperless-ngx.subdomain.conf.sample b/paperless-ngx.subdomain.conf.sample
new file mode 100644
index 0000000..9f5e7f7
--- /dev/null
+++ b/paperless-ngx.subdomain.conf.sample
@@ -0,0 +1,57 @@
+## Version 2023/05/31
+# make sure that your paperless-ngx container is named paperless-ngx
+# make sure that your dns has a cname set for paperless-ngx
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name paperless-ngx.*;
+    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 10M;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app paperless-ngx;
+        set $upstream_port 8000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+		#proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        #proxy_redirect off;
+        #proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $server_name;
+        #add_header Referrer-Policy "strict-origin-when-cross-origin";
+    }
+
+}