diff --git a/cockpit.conf b/cockpit.conf
new file mode 100644
index 0000000..aa15bac
--- /dev/null
+++ b/cockpit.conf
@@ -0,0 +1,25 @@
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name portal.exozy.me;
+
+    ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
+
+    location / {
+        # Required to proxy the connection to Cockpit
+        proxy_pass https://127.0.0.1:9009;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Required for web sockets to function
+        proxy_http_version 1.1;
+        proxy_buffering off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # Pass ETag header from Cockpit to clients.
+        # See: https://github.com/cockpit-project/cockpit/issues/5239
+        gzip off;
+    }
+}