diff --git a/rootfs/etc/nginx/nginx.conf b/rootfs/etc/nginx/nginx.conf
new file mode 100644
index 0000000..e411c95
--- /dev/null
+++ b/rootfs/etc/nginx/nginx.conf
@@ -0,0 +1,105 @@
+worker_processes auto;
+pid /tmp/nginx.pid;
+daemon off;
+error_log /dev/fd/2 error;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    client_body_temp_path /tmp/client_body_temp;
+    proxy_temp_path /tmp/proxy_temp;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+    scgi_temp_path /tmp/scgi_temp;
+    access_log /dev/fd/1;
+    client_max_body_size 8M;
+
+    server {
+        listen 8000;
+        server_name  localhost;
+
+        root   /var/www/html/public;
+        index  index.php;
+        include /etc/nginx/mime.types;
+
+        location /shopware-installer.phar.php {
+            try_files $uri /shopware-installer.phar.php$is_args$args;
+        }
+
+        location ~ ^/shopware-installer\.phar\.php/.+\.(?:css|js|png|svg|woff)$ {
+            try_files $uri /shopware-installer.phar.php$is_args$args;
+        }
+
+        # Deny access to . (dot) files
+        location ~ /\. {
+            deny all;
+        }
+
+        # Deny access to .php files in public directories
+        location ~ ^/(media|thumbnail|theme|bundles|sitemap).*\.php$ {
+            deny all;
+        }
+
+        location ~ ^/(theme|media|thumbnail|bundles|css|fonts|js|recovery|sitemap)/ {
+            expires 1y;
+            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+            log_not_found off;
+            tcp_nodelay off;
+            open_file_cache max=3000 inactive=120s;
+            open_file_cache_valid 45s;
+            open_file_cache_min_uses 2;
+            open_file_cache_errors off;
+
+            location ~* ^.+\.svg {
+                add_header Content-Security-Policy "script-src 'none'";
+                add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+                log_not_found off;
+            }
+        }
+
+        location ~* ^.+\.(?:css|cur|js|jpe?g|gif|ico|png|svg|webp|html|woff|woff2|xml)$ {
+            expires 1y;
+            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+
+            access_log off;
+
+            # The directive enables or disables messages in error_log about files not found on disk.
+            log_not_found off;
+
+            tcp_nodelay off;
+
+            ## Set the OS file cache.
+            open_file_cache max=3000 inactive=120s;
+            open_file_cache_valid 45s;
+            open_file_cache_min_uses 2;
+            open_file_cache_errors off;
+
+            try_files $uri /index.php$is_args$args;
+        }
+
+        location ~* ^.+\.svg$ {
+            add_header Content-Security-Policy "script-src 'none'";
+        }
+
+        location / {
+            try_files $uri /index.php$is_args$args;
+        }
+
+        location ~ \.php$ {
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            include fastcgi.conf;
+            fastcgi_buffers 8 16k;
+            fastcgi_buffer_size 32k;
+            fastcgi_read_timeout 300s;
+            client_body_buffer_size 128k;
+            fastcgi_pass unix:/tmp/php-fpm.sock;
+        }
+
+        gzip on;
+        gzip_min_length 1000;
+        gzip_proxied expired no-cache no-store private auth;
+        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+    }
+}