diff --git a/kiwiirc.subdomain.conf.sample b/kiwiirc.subdomain.conf.sample
new file mode 100644
index 0000000..7de074d
--- /dev/null
+++ b/kiwiirc.subdomain.conf.sample
@@ -0,0 +1,71 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+ server_name kiwi.domain.com;
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+}
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name kiwi.domain.com;
+ ssl_certificate /etc/letsencrypt/live/kiwi.domain.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/kiwi.domain.com/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+ add_header Access-Control-Allow-Origin *;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Cache-Control "public, no-transform";
+ add_header Referrer-Policy same-origin;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ expires 1y;
+ client_body_timeout 5s;
+ client_header_timeout 5s;
+ location / {
+ index index.html;
+ limit_conn addr 1;
+ proxy_cache my_cache;
+ root /usr/share/kiwiirc_master/;
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Credentials' 'true';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ return 204;
+ }
+ location /static/config.json {
+ alias /etc/kiwiirc/client.json;
+ }
+ location /plugins/ {
+ alias /usr/share/kiwiirc_plugins/;
+ }
+ location /webirc/ {
+ # Forward incoming requests to local webircgateway socket
+ proxy_pass http://unix:/tmp/kiwiirc.sock;
+ limit_conn addr 1;
+ proxy_ignore_headers Cache-Control;
+ proxy_cache my_cache;
+ proxy_cache_revalidate on;
+ proxy_cache_min_uses 3;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ proxy_cache_background_update on;
+ proxy_cache_lock on;
+ proxy_cache_bypass $cookie_nocache $arg_nocache;
+ proxy_max_temp_file_size 0;
+ # Set http version and headers
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ # Allow upgrades to websockets
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
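Review bot: The `/webirc/` location puts a shared cache in front of the gateway while discarding the upstream's own cache policy (`proxy_cache my_cache;` with `proxy_ignore_headers Cache-Control;`), and because it sets no `add_header` of its own it also inherits the server-level `expires 1y;` and `Cache-Control "public, no-transform"`. Responses from the webircgateway are presumably per-client session traffic, so they should be neither stored by nginx nor marked publicly cacheable for a year; I would replace the `proxy_cache*` and `proxy_ignore_headers` lines in that location with `proxy_cache off;` and `expires off;`, and keep the long-lived caching headers on the static `location /` content only. Any `add_header` added inside a location stops inheritance of the server-level ones, so HSTS and `X-Content-Type-Options` would have to be repeated there, as the `OPTIONS` block already does for HSTS. Separately, `limit_conn addr` and `proxy_cache my_cache` rely on a `limit_conn_zone` and a `proxy_cache_path` that this sample does not define, so a comment at the top naming those http-level prerequisites would save readers a failed config test.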