diff --git a/hosts/server/nextcloud.nix b/hosts/server/nextcloud.nix
index 9a4a12a..cc23e8b 100644
--- a/hosts/server/nextcloud.nix
+++ b/hosts/server/nextcloud.nix
@@ -7,8 +7,27 @@
     package = pkgs.nextcloud29;
     hostName = "localhost";
     config.adminpassFile = "/etc/nextcloudpwd";
-    settings = { overwritehost = "localhost:8080"; };
+    nginx.enable = true;
   };
 
-  networking.firewall.allowedTCPPorts = [ 8080 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.nginx = {
+    enable = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    # Only allow PFS-enabled ciphers with AES256
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+    # Setup Nextcloud virtual host to listen on ports
+    virtualHosts = {
+
+      "localhost" = { };
+    };
+  };
 }