diff --git a/ssl-server-setup.md b/ssl-server-setup.md
new file mode 100644
index 0000000..8e50814
--- /dev/null
+++ b/ssl-server-setup.md
@@ -0,0 +1,64 @@
+* `sudo apt-get install nginx`
+* `echo 'deb http://httpredir.debian.org/debian jessie-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/jessie-backports.list`
+* `sudo apt-get update`
+* `sudo apt-get install certbot -t jessie-backports`
+* forward port 443 to the machine running nginx
+* `sudo certbot certonly --standalone`
+* `sudo chgrp www-data /etc/letsencrypt/live`
+* `sudo chmod 750 /etc/letsencrypt/live`
+
+`sudo vim /etc/nginx/sites-available/musikcube`
+
+```
+# web socket (metadata) server
+server {
+ listen 7907 ssl;
+ server_name ;
+
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live//fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live//privkey.pem;
+
+ ssl_session_cache shared:SSL:20m;
+ ssl_session_timeout 10m;
+
+ ssl_prefer_server_ciphers on;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
+
+ location / {
+ proxy_pass http://127.0.0.1:7905;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
+
+# audio (file) server
+server {
+ listen 7908 ssl;
+ server_name ;
+
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live//fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live//privkey.pem;
+
+ ssl_session_cache shared:SSL:20m;
+ ssl_session_timeout 10m;
+
+ ssl_prefer_server_ciphers on;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
+
+ location / {
+ proxy_pass http://127.0.0.1:7906;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+```
+
+* `sudo ln -s /etc/nginx/sites-available/musikcube /etc/nginx/sites-enabled/`
+* `sudo /etc/init.d/nginx 
restart` \ No newline at end of file
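Review bot: Both `server` blocks enable `TLSv1 TLSv1.1` and keep the 3DES suites (`ECDH+3DES`, `DH+3DES`, `RSA+3DES`) in `ssl_ciphers`, which are deprecated and exposed to SWEET32-style attacks; nothing in this guide needs them, so tighten to `ssl_protocols TLSv1.2;` and `ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS;`. The `DH+` suites also rely on an `ssl_dhparam` file that is never set here; depending on the nginx version they then either use a weak 1024-bit built-in group or are silently disabled, so either add `ssl_dhparam /etc/nginx/dhparam.pem;` (generated with `openssl dhparam -out /etc/nginx/dhparam.pem 2048`) or drop the `DH+` entries. The `chgrp www-data` / `chmod 750` steps on `/etc/letsencrypt/live` look unnecessary, since as far as I know nginx's master process reads the certificate and key as root before dropping privileges, and loosening that directory toward the worker group only widens who can reach the key paths — I'd remove those two steps unless something else on the host needs them. The rendered config also has empty placeholders (`server_name ;`, `/etc/letsencrypt/live//fullchain.pem`) where the domain presumably went, so an explicit `your.domain` placeholder would stop readers copying a broken config.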