diff --git a/cfg/ngx/op.fo.conf b/cfg/ngx/op.fo.conf
new file mode 100644
index 0000000..0ec0e13
--- /dev/null
+++ b/cfg/ngx/op.fo.conf
@@ -0,0 +1,49 @@
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# configuration of op.fo / frode klevstul / oct 2025
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# - - - - - - - - - - - - - - - - - - -
+
+# enforce ssl and bare domain (without www) for http requests
+# ($server_name will return the first value given)
+server {
+    listen 80;
+    server_name op.fo www.op.fo;
+    return 301 https://$server_name$request_uri;
+}
+
+# www to bare domain for https requests
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /etc/nginx/acme.sh/op.fo/fullchain.pem;
+    ssl_certificate_key /etc/nginx/acme.sh/op.fo/key.pem;
+    ssl_trusted_certificate /etc/nginx/acme.sh/op.fo/cert.pem;
+
+    server_name www.op.fo;
+    return 301 $scheme://op.fo$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /etc/nginx/acme.sh/op.fo/fullchain.pem;
+    ssl_certificate_key /etc/nginx/acme.sh/op.fo/key.pem;
+    ssl_trusted_certificate /etc/nginx/acme.sh/op.fo/cert.pem;
+
+    root /var/www/op.fo;
+    index index.html;
+    server_name op.fo;
+
+    # redirect 404 not found to the root
+    location / {
+	   error_page 404 = @myownredirect;
+    }
+
+    location @myownredirect {
+        return 302 /;
+    }
+}