diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..6fae7ca
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,63 @@
+server {
+ server_name www.hozon.site hozon.site;
+
+ if ($host = www.hozon.site) {
+ return 301 https://hozon.site$request_uri;
+ }
+
+ index index.php index.html index.htm;
+
+ root /www/active/hozon.site/www;
+
+ add_header Permissions-Policy interest-cohort=();
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
+
+ location / {
+ add_header Permissions-Policy interest-cohort=();
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
+ satisfy any;
+ allow all;
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location ~* \.(jpg|jpeg|png|gif|ico|woff|webp)$ {
+ expires 365d;
+ }
+
+ location ~* \.(css|js|json)$ {
+ expires 7d;
+ }
+
+ listen 443 ssl http2;
+ ssl_certificate /etc/letsencrypt/live/hozon.site/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/hozon.site/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+}
+
+server {
+ server_name www.hozon.site hozon.site;
+ listen 80;
+
+ if ($host = hozon.site) {
+ return 301 https://$host$request_uri;
+ }
+
+ if ($host = www.hozon.site) {
+ return 301 https://hozon.site$request_uri;
+ }
+
+ return 404;
+}
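Review bot: In `location /`, `satisfy any;` together with `allow all;` is a no-op today but becomes an authentication bypass as soon as `auth_basic` or `auth_request` is added at this level or inherited from the server block, because the address check alone then grants access; I would drop both lines. The four `add_header` lines (at server level and repeated in `location /`) lack the `always` parameter, so nginx omits them on 4xx/5xx responses such as the `=404` from the PHP location; e.g. `add_header X-Content-Type-Options nosniff always;`. `X-XSS-Protection "1; mode=block"` addresses a browser filter that current browsers no longer implement, so a `Content-Security-Policy` header would be the effective replacement. Nothing in the file denies dot-paths, so if the docroot ever holds `.git` or `.env` they would be served as static files; a `location ~ /\.(?!well-known) { deny all; }` block would cover that.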