diff --git a/tools/resources/nginx/vhost.conf b/tools/resources/nginx/vhost.conf
new file mode 100644
index 0000000..700b2bc
--- /dev/null
+++ b/tools/resources/nginx/vhost.conf
@@ -0,0 +1,77 @@
+# Example nginx virtual host config
+#
+# The directory structure for this Nginx configuration example is following
+# my `nginx-kickstart` project. For more information, please refer to
+# https://github.com/ditatompel/nginx-kickstart.
+#
+# NOTE: the `listen http2` directive is  not set because it is deprecated since
+# Nginx v1.25.x.
+upstream xmr_remote_nodes_app {
+    keepalive 8;
+    server 127.0.0.1:18901;
+}
+
+server {
+    if ($host = xmr.example.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 80;
+    server_name xmr.example.com;
+    root /srv/http/default;
+    access_log off;
+    location /.well-known/acme-challenge/ { allow all; }
+    location / { return 301 https://$host$request_uri; }
+}
+
+server {
+    server_name xmr.example.com;
+    listen 443 ssl;
+
+    ssl_certificate /etc/nginx/certs/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/privkey.pem;
+
+    # See https://github.com/ditatompel/nginx-kickstart/blob/main/etc/nginx/snippets/ssl-params.conf
+    include /etc/nginx/snippets/ssl-params.conf;
+
+    error_log /var/log/nginx/xmr.example.com.error.log;
+
+    root /srv/http/default;
+    index index.html;
+
+    add_header X-Permitted-Cross-Domain-Policies none;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Download-Options noopen;
+
+    location = /robots.txt {
+        log_not_found off;
+        access_log    off;
+        proxy_set_header   Connection "";
+        proxy_http_version 1.1;
+        proxy_pass         http://xmr_remote_nodes_app/robots.txt;
+    }
+
+    location ~* \.(?:ico|css|js|gif|jpe?g|png|webp|ttf|woff|woff2|svg|eot)$ {
+        access_log off;
+        expires max;
+        add_header Pragma public;
+        add_header Cache-Control "public";
+        proxy_set_header Connection "";
+        proxy_http_version 1.1;
+        proxy_pass         http://xmr_remote_nodes_app;
+    }
+
+    location / {
+        proxy_set_header   Host $http_host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        # For keepalive, the proxy_http_version directive should be set to “1.1”
+        # and the “Connection” header field should be cleared.
+        proxy_set_header Connection "";
+        proxy_http_version 1.1;
+        proxy_pass         http://xmr_remote_nodes_app/;
+    }
+}
+
+# vim: ft=nginx ts=4 sw=4 et