diff --git a/production/nginx-bisq.conf b/production/nginx-bisq.conf
new file mode 100644
index 000000000..25873c78c
--- /dev/null
+++ b/production/nginx-bisq.conf
@@ -0,0 +1,75 @@
+root /mempool/public_html/markets/en-US;
+index index.html;
+
+set $frameOptions "DENY";
+set $contentSecurityPolicy "frame-ancestors 'none'";
+if ($http_referer ~ ^https://bisq.markets/)
+{
+	set $frameOptions "ALLOW-FROM https://bisq.markets";
+	set $contentSecurityPolicy "frame-ancestors https://bisq.markets";
+}
+if ($http_referer ~ ^https://bisq.network/)
+{
+	set $frameOptions "ALLOW-FROM https://bisq.network";
+	set $contentSecurityPolicy "frame-ancestors https://bisq.network";
+}
+add_header X-Frame-Options $frameOptions;
+add_header Content-Security-Policy $contentSecurityPolicy;
+add_header Link "<https://bisq.markets$request_uri>; rel=\"canonical\"";
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+#add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
+
+proxy_cache markets;
+proxy_cache_valid 200 30s;
+
+location / {
+	try_files $uri $uri/ /index.html;
+}
+location /api {
+	rewrite ^/api$ / break;
+	rewrite ^/api/$ / break;
+	rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
+	try_files $uri $uri/ @mempool;
+}
+location /bisq/api/markets {
+	rewrite ^/bisq/api/markets/(.*) /api/v1/bisq/markets/$1 break;
+	try_files $uri $uri/ @mempool;
+}
+location /bisq/api/v1/markets {
+	rewrite ^/bisq/api/v1/markets/(.*) /api/v1/bisq/markets/$1 break;
+	try_files $uri $uri/ @mempool;
+}
+location /bisq/api/v1/ws {
+	proxy_pass http://127.0.0.1:8996/;
+	proxy_http_version 1.1;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "Upgrade";
+}
+location /api/markets {
+	rewrite ^/api/markets/(.*) /api/v1/bisq/markets/$1 break;
+	try_files $uri $uri/ @mempool;
+}
+location /api/v1/markets {
+	rewrite ^/api/v1/markets/(.*) /api/v1/bisq/markets/$1 break;
+	try_files $uri $uri/ @mempool;
+}
+location /api/v1/ws {
+	proxy_pass http://127.0.0.1:8996/;
+	proxy_http_version 1.1;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "Upgrade";
+}
+location @mempool {
+	proxy_pass http://127.0.0.1:8996;
+	proxy_http_version 1.1;
+
+	proxy_set_header Host $http_host;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "upgrade";
+
+	proxy_cache_bypass $http_upgrade;
+	proxy_redirect off;
+	proxy_set_header X-Forwarded-Proto $scheme;
+}