diff --git a/conf/nginx.conf b/conf/nginx.conf
index 5f762a1..4a49b26 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,42 +1,56 @@
-location __PATH__/ {
+#gzip on;
+gzip_disable "msie6";
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_buffers 16 8k;
+gzip_http_version 1.1;
+gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
+
+# the nginx default is 1m, not enough for large media uploads
+client_max_body_size 50M;
+
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+location / {
   # Force usage of https
   if ($scheme = http) {
     rewrite ^ https://$server_name$request_uri? permanent;
   }
 
-  # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
-  client_max_body_size 50M;
-
-  proxy_http_version 1.1;
-  proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection "upgrade";
-  proxy_set_header Host $http_host;
-  proxy_set_header X-Real-IP $remote_addr;
-  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header X-Forwarded-Proto $scheme;
-
   proxy_pass http://localhost:__PORT__;
 
-  location ~* \.(css|js)$ {
-    root __FINALPATH__/live/priv/static;
-    etag off;
-    access_log off;
-    more_set_headers "Cache-Control: public, max-age=31536000, immutable";
-  }
-
-  location ~ ^/(media|proxy) {
-    etag off;
-    access_log off;
-    more_set_headers "Cache-Control: public, max-age=31536000, immutable";
-    proxy_pass http://localhost:__PORT__;
-  }
-
-  error_page 500 501 502 503 504 @error;
-
   # Include SSOWAT user panel.
-  include conf.d/yunohost_panel.conf.inc;
+  # include conf.d/yunohost_panel.conf.inc;
 }
 
+# Let's Encrypt keeps its files here
+location ^~ '/.well-known/acme-challenge' {
+  root /var/www/certbot;
+  default_type "text/plain";
+}
+
+location ~ ^/(js|css) {
+  root __FINALPATH__/live/priv/static;
+  etag off;
+  access_log off;
+  more_set_headers "Cache-Control: public, max-age=31536000, immutable";
+}
+
+location ~ ^/(media|proxy) {
+  etag off;
+  access_log off;
+  more_set_headers "Cache-Control: public, max-age=31536000, immutable";
+  proxy_pass http://localhost:__PORT__;
+}
+
+error_page 500 501 502 503 504 @error;
 location @error {
   root __FINALPATH__/live/priv/errors;
   try_files /error.html 502;