diff --git a/files/neocities b/files/neocities index ebeab584..30ab3282 100644 --- a/files/neocities +++ b/files/neocities @@ -1,12 +1,33 @@ server { + listen 80; + listen 443 ssl; + ssl_certificate /etc/nginx/certs/neocities.org.crt; + ssl_certificate_key /etc/nginx/certs/neocities.org.key; + server_name www.neocities.org; + rewrite ^(.*)$ $scheme://neocities.org$1 permanent; + } + + server { + listen 80; + listen 443 ssl; + ssl_certificate /etc/nginx/certs/neocities.org.crt; + ssl_certificate_key /etc/nginx/certs/neocities.org.key; + + set $ssl off; + if ($scheme = https) { + set $ssl on; + } + root /home/web/neocities-web/public; - server_name neocities.org www.neocities.org; + server_name neocities.org; access_log /var/log/nginx/neocities-web.log; + error_page 500 = /gateway_error.html; + # location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ { # expires 60s; # log_not_found off; -# } +# } try_files $uri @neocities; 
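Review bot: The `neocities.org` server block in files/neocities now answers on both `listen 80` and `listen 443 ssl` and proxies the same application either way, and the www block's `rewrite ^(.*)$ $scheme://neocities.org$1 permanent;` keeps a plain-HTTP visitor on HTTP, so nothing visible here moves a browser to TLS. Unless the backend redirects when it sees `X-Forwarded-Ssl: off` (the header is set in the next hunk), any login or session traffic can still travel in clear text. Consider giving port 80 its own server block with `return 301 https://neocities.org$request_uri;`, and adding `add_header Strict-Transport-Security "max-age=31536000";` to the TLS block once HTTPS works for every path. Separately, `error_page 500 = /gateway_error.html;` does not cover the 502/504 responses nginx itself generates when the upstream socket is unreachable; `error_page 500 502 503 504 = /gateway_error.html;` would.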
@@ -14,28 +35,39 @@ proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Ssl $ssl; proxy_max_temp_file_size 0; - proxy_pass http://127.0.0.1:20000; + # proxy_pass http://127.0.0.1:20000; + proxy_pass http://unix:/var/run/neocities/neocities.sock; break; } } - server { - server_name ~^(?.+)\.neocities.org$; + server { + listen 80; + listen 443 ssl; + ssl_certificate /etc/nginx/certs/neocities.org.crt; + ssl_certificate_key /etc/nginx/certs/neocities.org.key; + + server_name ~^(?.+)\.neocities.org$; access_log /var/log/nginx/neocities-sites.log neocities; root /home/web/neocities-web/public/sites/$subdomain; index /index.html; - error_page 404 = /not_found.html; + + error_page 404 = @notfound; + + location @notfound { + try_files /not_found.html @notfound_root; + } + + location @notfound_root { + root /home/web/neocities-web/public; + try_files /web_site_not_found.html =404; + } location ~* \.(html|jpg|jpeg|png|gif|ico|css|js)$ { # expires 20s; log_not_found off; } - } - - server { - server_name webalizer.neocities.org; - root /var/www/webalizer; - index index.html; } diff --git a/files/nginx.conf b/files/nginx.conf index 16280baa..c045205f 100644 --- a/files/nginx.conf +++ b/files/nginx.conf 
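Review bot: In the wildcard server block of files/neocities, the re-added `server_name` regex captures `.+` from the client-supplied Host header and that capture is used directly in `root /home/web/neocities-web/public/sites/$subdomain;`, so the filesystem path is only as constrained as nginx's own Host validation. The capture name appears to have been stripped in this rendering, and `$subdomain` is what the `root` line references. Restricting the capture to the characters site names can actually contain, and escaping the literal dot, would make the mapping explicit, e.g. `server_name ~^(?<subdomain>[a-z0-9-]+)\.neocities\.org$;` (adjust the class to the real naming rules). This block also presents the `neocities.org` certificate for every subdomain on 443, which only validates if that certificate carries a `*.neocities.org` name; this cannot be confirmed from the diff.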
@@ -1,53 +1,51 @@ -user www-data; -worker_processes 6; +user www-data www-data; +worker_processes 8; pid /var/run/nginx.pid; events { worker_connections 4000; multi_accept on; - use epoll; + use epoll; } http { - log_format neocities '$time_iso8601 $subdomain $bytes_sent $request_uri ' + root /home/web/neocities-web/public; + error_page 404 = /not_found.html; - ## - # Basic Settings - ## + log_format neocities '$time_iso8601 $subdomain $bytes_sent $request_uri '; - sendfile on; - #sendfile off; - #output_buffers 2 512k; + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH; + ssl_prefer_server_ciphers on; + sendfile on; tcp_nopush on; tcp_nodelay on; - keepalive_timeout 10; + keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; - reset_timedout_connection on; + reset_timedout_connection on; + charset utf-8; + client_max_body_size 20m; # server_names_hash_bucket_size 64; # server_name_in_redirect off; - # Serve content as UTF-8 by default - charset utf-8; - include /etc/nginx/mime.types; default_type application/octet-stream; -open_file_cache max=200000 inactive=20s; -open_file_cache_valid 30s; -open_file_cache_min_uses 2; -open_file_cache_errors on; + open_file_cache max=200000 inactive=20s; + open_file_cache_valid 30s; + open_file_cache_min_uses 2; + open_file_cache_errors on; ## # Logging Settings ## - access_log off; - #access_log /var/log/nginx/access.log; + access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## @@ -55,12 +53,12 @@ open_file_cache_errors on; ## gzip on; - gzip_min_length 10240; gzip_disable "msie6"; + gzip_min_length 1024; # gzip_vary on; # gzip_proxied any; - # gzip_comp_level 6; + gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
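Review bot: In the first hunk of files/nginx.conf, `ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;` enables SSLv3, and the `ssl_ciphers` string explicitly admits `RC4`; SSLv3 is exposed to the POODLE padding-oracle weakness and RC4 is prohibited for TLS by RFC 7465. The same string ends with `!EDH` and names only one ECDHE suite, so most clients will negotiate a key exchange without forward secrecy. I would change the protocol line to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` if the nginx/OpenSSL build supports it) and replace the cipher list with an ECDHE/AEAD-first set that omits `RC4`, keeping `ssl_prefer_server_ciphers on;`. While touching this block, `# server_tokens off;` is still commented out, so the version banner stays in responses and error pages.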