diff --git a/infrastructure_files/nginx.tmpl.conf b/infrastructure_files/nginx.tmpl.conf
new file mode 100644
index 000000000..77739a67a
--- /dev/null
+++ b/infrastructure_files/nginx.tmpl.conf
@@ -0,0 +1,77 @@
+# This template enables proxying netbird behind Nginx.
+#
+# To modify this template for your own use,
+# change the ports for the services, set your
+# server_name (e.g. vpn.example.com) and insert
+# your own ssl certificates
+
+upstream dashboard {
+ # insert the http port of your dashboard container here
+ server 127.0.0.1:8011;
+
+ # Improve performance by keeping some connections alive.
+ keepalive 10;
+}
+upstream signal {
+ # insert the grpc port of your signal container here
+ server 127.0.0.1:10000;
+}
+upstream management {
+ # insert the grpc+http port of your signal container here
+ server 127.0.0.1:8012;
+}
+
+server {
+ # HTTP server config
+ listen 80;
+ server_name _;
+
+ # 301 redirect to HTTPS
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+server {
+ # HTTPS server config
+ listen 443 ssl http2;
+ server_name _;
+
+ # This is necessary so that grpc connections do not get closed early
+ # see https://stackoverflow.com/a/67805465
+ client_header_timeout 1d;
+ client_body_timeout 1d;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Host $host;
+
+ # Proxy dashboard
+ location / {
+ proxy_pass http://dashboard;
+ }
+ # Proxy Signal
+ location /signalexchange.SignalExchange/ {
+ grpc_pass grpc://signal;
+ #grpc_ssl_verify off;
+ grpc_read_timeout 1d;
+ grpc_send_timeout 1d;
+ grpc_socket_keepalive on;
+ }
+ # Proxy Management http endpoint
+ location /api {
+ proxy_pass http://management;
+ }
+ # Proxy Management grpc endpoint
+ location /management.ManagementService/ {
+ grpc_pass grpc://management;
+ #grpc_ssl_verify off;
+ grpc_read_timeout 1d;
+ grpc_send_timeout 1d;
+ grpc_socket_keepalive on;
+ }
+
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/certs/ssl-cert-snakeoil.pem;
+}
\ No newline at end of file
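Review bot: `ssl_certificate_key` at the end of the HTTPS server block points at the same file as `ssl_certificate` (`/etc/ssl/certs/ssl-cert-snakeoil.pem`), so unless that PEM also contains the private key nginx will fail to load it, and the example steers users toward keeping a key in the usually world-readable certs directory. On Debian-style systems the snakeoil key normally lives at `/etc/ssl/private/ssl-cert-snakeoil.key`; I would use that path and add a comment such as `# placeholder self-signed pair, replace before exposing this server`. Separately, `client_header_timeout 1d;` and `client_body_timeout 1d;` are set at server scope, so they also cover the dashboard and `/api` locations and let slow or idle clients hold connections for a day; `client_body_timeout` can be moved into the two gRPC locations, while the header timeout is only valid at http/server level and is worth confirming as necessary. The comment above the `management` upstream still says "signal container" and should read `# insert the grpc+http port of your management container here`.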