diff --git a/m/tent/configuration.nix b/m/tent/configuration.nix
index 14957553..c041683e 100644
--- a/m/tent/configuration.nix
+++ b/m/tent/configuration.nix
@@ -7,6 +7,7 @@
     ../module/debuginfod.nix
     ../module/ssh-hut-extern.nix
     ./monitoring.nix
+    ./nginx.nix
   ];
 
   # Select the this using the ID to avoid mismatches
diff --git a/m/tent/nginx.nix b/m/tent/nginx.nix
new file mode 100644
index 00000000..f67a5255
--- /dev/null
+++ b/m/tent/nginx.nix
@@ -0,0 +1,54 @@
+{ theFlake, pkgs, ... }:
+let
+  website = pkgs.stdenv.mkDerivation {
+    name = "jungle-web";
+    src = theFlake;
+    buildInputs = [ pkgs.hugo ];
+    buildPhase = ''
+      cd web
+      rm -rf public/
+      hugo
+    '';
+    installPhase = ''
+      cp -r public $out
+    '';
+    # Don't mess doc/
+    dontFixup = true;
+  };
+in
+{
+  networking.firewall.allowedTCPPorts = [ 80 ];
+  services.nginx = {
+    enable = true;
+    virtualHosts."jungle.bsc.es" = {
+      root = "${website}";
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 80;
+        }
+      ];
+      extraConfig = ''
+        set_real_ip_from 127.0.0.1;
+        set_real_ip_from 84.88.52.107;
+        real_ip_recursive on;
+        real_ip_header X-Forwarded-For;
+
+        location /cache {
+          rewrite ^/cache/(.*) /$1 break;
+          proxy_pass http://127.0.0.1:5000;
+          proxy_redirect http:// $scheme://;
+        }
+        location /grafana {
+          proxy_pass http://127.0.0.1:2342;
+          proxy_redirect http:// $scheme://;
+          proxy_set_header Host $host;
+          # Websockets
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "upgrade";
+        }
+      '';
+    };
+  };
+}