diff --git a/.gitignore b/.gitignore
index f4d4e10..8fd297d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .vagrant
 .idea
 *.pyc
-config.py
\ No newline at end of file
+config.py
+config.sls
\ No newline at end of file
diff --git a/srv/salt/nginx/nginx.conf b/srv/salt/nginx/nginx.conf
new file mode 100644
index 0000000..b6b0931
--- /dev/null
+++ b/srv/salt/nginx/nginx.conf
@@ -0,0 +1,70 @@
+{% from 'config.sls' import root %}
+gzip_proxied any;
+gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+upstream web {
+  fair;
+  server 127.0.0.1:10000;
+}
+
+server {
+  listen 80;
+
+  # Allow file uploads
+  client_max_body_size 50M;
+
+  location ^~ /static/ {
+    root {{ root }};
+    expires max;
+  }
+
+  location = /favicon.ico {
+    rewrite (.*) /static/favicon.ico;
+  }
+
+  location = /robots.txt {
+    rewrite (.*) /static/robots.txt;
+  }
+
+  location / {
+      proxy_pass_header Server;
+      proxy_redirect off;
+      proxy_buffering off;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Scheme $scheme;
+      proxy_set_header Host $http_host;
+      proxy_pass http://web;
+    error_page 502 = /maintenance.html;
+  }
+
+  location /maintenance.html {
+    root {{ root }}/templates/;
+    add_header Cache-Control private;
+    expires epoch;
+  }
+}
+
+{% if ssl_certificate %}
+server {
+  listen 443;
+  ssl on;
+  ssl_certificate {{ ssl_certificate }};
+  ssl_certificate_key {{ ssl_certificate_key }};
+
+  location ^~ /static/ {
+    root {{ root }};
+    expires max;
+  }
+
+  location / {
+    proxy_pass_header Server;
+    proxy_redirect off;
+    proxy_buffering off;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Scheme $scheme;
+    proxy_set_header Host $http_host;
+    proxy_pass http://web;
+    error_page 502 = /maintenance.html;
+  }
+}
+{% endif %}
\ No newline at end of file
diff --git a/srv/salt/realms/init.sls b/srv/salt/realms/init.sls
index 67ad1d1..2b5d1e8 100644
--- a/srv/salt/realms/init.sls
+++ b/srv/salt/realms/init.sls
@@ -6,7 +6,7 @@ python-pkgs:
       - build-essential
 
 
-{% for pkg in ['tornado', 'pyzmq', 'itsdangerous', 'boto', 'redis', 'simplejson', 'sockjs-tornado', 'flask', 'flask-bcrypt', 'flask-login', 'flask-assets', 'gittle', 'gevent', 'lxml', 'markdown2', 'recaptcha-client', 'rethinkdb', 'RethinkORM' ] %}
+{% for pkg in ['ghdiff', 'tornado', 'pyzmq', 'itsdangerous', 'boto', 'redis', 'simplejson', 'sockjs-tornado', 'flask', 'flask-bcrypt', 'flask-login', 'flask-assets', 'gittle', 'gevent', 'lxml', 'markdown2', 'recaptcha-client', 'rethinkdb', 'RethinkORM' ] %}
 {{ pkg }}-pip:
   pip:
     - name: {{ pkg }}