diff --git a/README.md b/README.md index fc1bf9b..1c41681 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,17 @@ The build is based on Ubuntu and will install all the required components. The f * Creation of the MySQL database * Generation of the admin PGP key + +# Optional NGINX config + +Included is an optional Docker Compose file 'docker-compose-nginx.yml' to spin up a reverse proxy to sit in front of MISP. + +## Config +* add your "*.crt" and "*.key" files to the ./misp-proxy/ssl folder +If not implementing SSL (not recommended) then simply comment out the appropriate lines in the "./misp-proxy/default.conf" file. +* Update "server_name" in default.conf file (will implement ENVIRONMENT VARIABLE in the future) + + # Building your image ## Fetch files @@ -33,4 +44,16 @@ Edit the docker-compose.yml and change the following environment variables: ## Build the containers ``` # docker-compose build +or +# docker-compose -f docker-compose-nginx.yml build ``` + +## Run containers +``` +# docker-compose up +or +# docker-compose -f docker-compose-nginx.yml up +``` + + + diff --git a/docker-compose-nginx.yml b/docker-compose-nginx.yml new file mode 100644 index 0000000..845c7ea --- /dev/null +++ b/docker-compose-nginx.yml 
@@ -0,0 +1,61 @@ +version: '2' + +services: + proxy: + build: + context: misp-proxy + container_name: misp-proxy + depends_on: + - misp-web + hostname: misp-proxy + image: misp-proxy:latest + networks: + - misp-network + ports: + - 81:80 + - 4443:443 + + misp-web: + build: misp-web + depends_on: + - misp-db + container_name: misp-web + hostname: misp-web + image: misp-web:latest + restart: always + networks: + - misp-network + links: + - misp-db + volumes: + - /dev/urandom:/dev/random + - /data/misp:/var/www/MISP + environment: + - MYSQL_ROOT_PASSWORD=xxxxxxxx + - MYSQL_MISP_PASSWORD=xxxxxxxx + - MYSQL_HOST=misp-db + - MISP_ADMIN_EMAIL=admin@admin.test + - MISP_ADMIN_PASSPHRASE=xxxxxxxxx + - MISP_BASEURL=http:\/\/misp\.test + - POSTFIX_RELAY_HOST=relay.fqdn + - TIMEZONE=Europe/Brussels + + misp-db: + build: + context: misp-db + args: + MYSQL_MISP_PASSWORD: xxxxxxxx + container_name: misp-db + hostname: misp-db + image: misp-db:latest + restart: always + networks: + - misp-network + volumes: + - /data/mysql:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=xxxxxxxx + +networks: + misp-network: + driver: bridge diff --git a/misp-proxy/Dockerfile b/misp-proxy/Dockerfile new file mode 100644 index 0000000..39e6962 --- /dev/null +++ b/misp-proxy/Dockerfile @@ -0,0 +1,13 @@ +FROM nginx:1.9 + +# default conf for proxy service +COPY ./default.conf /etc/nginx/conf.d/default.conf + +# NOT FOUND response +COPY ./backend-not-found.html /var/www/html/backend-not-found.html + +# Proxy and SSL configurations +COPY ./includes/ /etc/nginx/includes/ + +# Proxy SSL certificates +COPY ./ssl/ /etc/ssl/certs/nginx/ diff --git a/misp-proxy/backend-not-found.html b/misp-proxy/backend-not-found.html new file mode 100644 index 0000000..bebb95c --- /dev/null +++ b/misp-proxy/backend-not-found.html @@ -0,0 +1,6 @@ + +Proxy Backend Not Found + +
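Review bot: The `ports` entries `- 81:80` and `- 4443:443` are unquoted scalars; Compose's YAML 1.1 loader reads `NN:NN` values whose right-hand part is below 60 as sexagesimal integers, so these two parse correctly only because 80 and 443 miss that pattern, and a later edit such as `22:22` would break silently. Quote them: `- "81:80"` and `- "4443:443"`. `MISP_BASEURL=http:\/\/misp\.test` is a plain-HTTP address while the new proxy redirects every HTTP request to HTTPS, so if misp-web uses this value to build absolute URLs the result will be a redirect loop or mixed-scheme links — presumably it should be the `https://` address the proxy serves; confirm against the entrypoint that consumes it. The `proxy` service has no reason to reach `misp-db` yet shares `misp-network` with it; a second network holding only `proxy` and `misp-web` would narrow what a compromised proxy container can reach.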
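Review bot: `COPY ./ssl/ /etc/ssl/certs/nginx/` bakes the operator's TLS private key into an image layer, so `misp-proxy:latest` carries the key wherever the image is pushed or cached, and rotating the certificate requires a rebuild. Mount `./misp-proxy/ssl` as a read-only volume on the `proxy` service in `docker-compose-nginx.yml` instead and drop this COPY, e.g. `- ./misp-proxy/ssl:/etc/ssl/certs/nginx:ro`. `FROM nginx:1.9` pins a mainline branch from 2015 that no longer receives fixes; `nginx:stable` or a current pinned `1.x` tag keeps the proxy patched, and the `http2` listen parameter in `default.conf` works on any of them.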

Proxy Backend Not Found

+ + diff --git a/misp-proxy/default.conf b/misp-proxy/default.conf new file mode 100644 index 0000000..13dd9fa --- /dev/null +++ b/misp-proxy/default.conf @@ -0,0 +1,45 @@ +# web service1 config. +server { + listen 80; + listen 443 ssl http2; + server_name misp.test; + + if ($scheme != "https") { + rewrite ^ https://$host$uri permanent; + } + + # Path for SSL config/key/certificate + ssl_certificate /etc/ssl/certs/nginx/misp.crt; + ssl_certificate_key /etc/ssl/certs/nginx/misp.key; + include /etc/nginx/includes/ssl.conf; + + location / { + include /etc/nginx/includes/proxy.conf; + proxy_pass http://misp-web; + } + + access_log off; + error_log /var/log/nginx/error.log error; +} + +# Default +server { + listen 80 default_server; + + server_name _; + root /var/www/html; + + charset UTF-8; + + error_page 404 /backend-not-found.html; + location = /backend-not-found.html { + allow all; + } + location / { + return 404; + } + + access_log off; + log_not_found off; + error_log /var/log/nginx/error.log error; +} diff --git a/misp-proxy/includes/proxy.conf b/misp-proxy/includes/proxy.conf new file mode 100644 index 0000000..716d590 --- /dev/null +++ b/misp-proxy/includes/proxy.conf @@ -0,0 +1,8 @@ +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_buffering off; +proxy_request_buffering off; +proxy_http_version 1.1; +proxy_intercept_errors on; diff --git a/misp-proxy/includes/ssl.conf b/misp-proxy/includes/ssl.conf new file mode 100644 index 0000000..6501d91 --- /dev/null +++ b/misp-proxy/includes/ssl.conf 
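Review bot: The HTTP-to-HTTPS redirect `rewrite ^ https://$host$uri permanent;` uses `$uri`, which is the normalized path without the query string, so any `?...` arguments are lost on the redirect; the idiomatic form is a separate plain-HTTP block, `server { listen 80; server_name misp.test; return 301 https://$host$request_uri; }`, in place of the `if` inside the TLS server. `access_log off;` on the MISP vhost disables the proxy's request log entirely, which is the only audit trail this layer provides for who reached the threat-intel platform; keep access logging on for the `misp.test` server (stdout or a mounted volume) and turn it off only in the catch-all default server. Because `listen 443 ssl http2;` is the only TLS listener it implicitly serves every Host on 443, which is fine here but worth a comment above the line: `# sole TLS vhost: implicitly default_server for 443`. Once the redirect is in place, `add_header Strict-Transport-Security` in the TLS server would stop clients from retrying plain HTTP.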
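Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever X-Forwarded-For the client already sent, so the backend must treat only the right-most address as the real client; a comment on that line prevents MISP-side allow-listing or logging from being fooled by a client-supplied header: `# appends to client-supplied XFF — backend must trust only the right-most entry`. `X-Forwarded-Proto $scheme` is the only signal the backend receives that TLS was terminated at the proxy; confirm misp-web honours it when generating absolute URLs, otherwise redirects come back as `http://`. This include is pulled in by `location /` in `default.conf`, so its headers apply to every proxied request.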
@@ -0,0 +1,7 @@
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:50m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHAECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+ssl_prefer_server_ciphers on;
diff --git a/misp-proxy/ssl/place_certs_here b/misp-proxy/ssl/place_certs_here
new file mode 100644
index 0000000..e69de29
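Review bot: The `ssl_ciphers` string is missing a colon in `ECDHE-ECDSA-AES128-SHAECDHE-RSA-AES256-SHA384`; OpenSSL skips the unknown name, so both `ECDHE-ECDSA-AES128-SHA` and `ECDHE-RSA-AES256-SHA384` are silently dropped from the offered suites. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` enables two protocol versions that are deprecated (RFC 8996), and the cipher list still offers the 3DES suites (`*-DES-CBC3-SHA`, Sweet32) and the non-forward-secret static-RSA `AES*-SHA*` suites at its tail. For a proxy in front of a threat-intel platform the defensible baseline is `ssl_protocols TLSv1.2;` and a cipher string cut after `DHE-RSA-AES256-GCM-SHA384`, i.e. keeping only the ECDHE/DHE AEAD suites already at the head of the current list, so the typo disappears with the trimmed tail. `ssl_session_tickets off;` is a good choice given the shared cache above it; a short comment such as `# tickets off: no ticket-key rotation in this image` would explain why to the next maintainer.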