diff --git a/nginx-proxy/acme/.gitkeep b/nginx-proxy/acme/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/nginx-proxy/certs/.gitkeep b/nginx-proxy/certs/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/nginx-proxy/nginx.conf b/nginx-proxy/nginx.conf
new file mode 100644
index 0000000..bc6eb2b
--- /dev/null
+++ b/nginx-proxy/nginx.conf
@@ -0,0 +1,38 @@
+events {
+}
+
+http {
+
+ server {
+ listen 80;
+ server_name _;
+
+ location /.well-known/acme-challenge {
+ root /acme;
+ try_files $uri $uri/ =404;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+ }
+
+ server {
+ listen 443 ssl;
+ server_name _;
+
+ include /etc/nginx/mime.types;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_certificate /certs/keycloak-cert.pem;
+ ssl_certificate_key /certs/keycloak-key.pem;
+
+ proxy_set_header X-Forwarded-For $proxy_protocol_addr; # To forward the original client's IP address
+ proxy_set_header X-Forwarded-Proto $scheme; # To forward the original protocol (HTTP or HTTPS)
+ proxy_set_header Host $host; # To forward the original host requested by the client
+
+ location / {
+ proxy_pass http://keycloak:8080; # 'keycloak' refers to Keycloak's container name in docker-compose
+ }
+ }
+}
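Review bot: `X-Forwarded-For` is set from `$proxy_protocol_addr`, but the 443 server block's `listen 443 ssl;` does not enable `proxy_protocol`, so the variable is empty and nginx passes no `X-Forwarded-For` header to Keycloak at all. Keycloak would then attribute every request to the proxy container's address, which weakens login event logs and any address-based controls. If nginx is the edge, use `proxy_set_header X-Forwarded-For $remote_addr;` (overwriting rather than appending keeps a client-supplied value from being trusted). If a PROXY-protocol load balancer sits in front, change the listener to `listen 443 ssl proxy_protocol;` instead. The inline comment on that line should state which of the two deployments is assumed.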