diff --git a/volumes/conf.d/etherpad.zinomedia.de.conf b/volumes/conf.d/etherpad.zinomedia.de.conf
new file mode 100644
index 0000000..c29e2ea
--- /dev/null
+++ b/volumes/conf.d/etherpad.zinomedia.de.conf
@@ -0,0 +1,67 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name etherpad.zinomedia.de;
+
+ access_log off;
+ error_log /var/log/nginx/error.log error;
+
+ # SSL Certificate Configuration
+ ssl_certificate /etc/letsencrypt/live/etherpad.zinomedia.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/etherpad.zinomedia.de/privkey.pem;
+
+ include "snippets/ssl-optimizations.conf";
+
+ # Password protect
+ auth_basic "Protected";
+ auth_basic_user_file /usr/share/nginx/html/etherpad.zinomedia.de/.htpasswd;
+
+ location / {
+ rewrite ^/$ / break;
+ rewrite ^/locales/(.*) /locales/$1 break;
+ rewrite ^/locales.json /locales.json break;
+ rewrite ^/admin(.*) /admin$1 break;
+ rewrite ^/p/(.*) /p/$1 break;
+ rewrite ^/static/(.*) /static/$1 break;
+ rewrite ^/pluginfw/(.*) /pluginfw/$1 break;
+ rewrite ^/javascripts/(.*) /javascripts/$1 break;
+ rewrite ^/socket.io/(.*) /socket.io/$1 break;
+ rewrite ^/ep/(.*) /ep/$1 break;
+ rewrite ^/minified/(.*) /minified/$1 break;
+ rewrite ^/api/(.*) /api/$1 break;
+ rewrite ^/ro/(.*) /ro/$1 break;
+ rewrite ^/error/(.*) /error/$1 break;
+ rewrite ^/jserror(.*) /jserror$1 break;
+ rewrite ^/redirect(.*) /redirect$1 break;
+ rewrite ^/(.*\.js) /$1 break;
+ rewrite /favicon.ico /favicon.ico break;
+ rewrite /robots.txt /robots.txt break;
+ rewrite /(.*) /p/$1;
+
+ resolver 127.0.0.11;
+ set $upstream "http://etherpad:9001";
+ proxy_pass $upstream;
+
+ proxy_buffering off;
+ proxy_set_header Host $host;
+ proxy_pass_header Server;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ }
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name etherpad.zinomedia.de;
+ return 301 https://$host$request_uri;
+}
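Review bot: The `auth_basic_user_file` in the new 443 server block points at `/usr/share/nginx/html/etherpad.zinomedia.de/.htpasswd`, which sits under the stock nginx document root; this vhost proxies every request, but if any other server block or an ACME webroot location in the same container serves that tree, the password hashes become downloadable. Keeping the file outside any served directory is safer, e.g. `auth_basic_user_file <dir-outside-webroot>/etherpad.zinomedia.de.htpasswd;` (placeholder path), readable only by the nginx worker user. Separately, `proxy_pass_header Server;` forwards the backend's Server banner to clients and can be dropped unless something depends on it. With `access_log off;` there is also no request trail for `/admin` and `/api/`, so consider keeping access logging on for at least those paths.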
diff --git a/volumes/conf.d/registry.zinomedia.de.conf b/volumes/conf.d/registry.zinomedia.de.conf
index 04f0ed5..bef4ee8 100644
--- a/volumes/conf.d/registry.zinomedia.de.conf
+++ b/volumes/conf.d/registry.zinomedia.de.conf
@@ -25,7 +25,7 @@ server {
 ssl_certificate_key /etc/letsencrypt/live/registry.zinomedia.de/privkey.pem;
 # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
- ssl_protocols TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
 ssl_prefer_server_ciphers on;
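Review bot: The protocol list on the changed `ssl_protocols` line is still maintained inline in this vhost, while the etherpad vhost added in the same commit pulls its TLS settings from `include "snippets/ssl-optimizations.conf";`, so the two hosts can drift apart at the next policy change. If that snippet already carries the protocol and cipher policy (its contents are not visible here), replacing the inline `ssl_protocols`/`ssl_ciphers`/`ssl_prefer_server_ciphers` lines with the same include keeps a single source of truth. Note also that `TLSv1.3` only takes effect when nginx is built against OpenSSL 1.1.1 or later, so it is worth confirming the negotiated version against the running container. The enclosing `server` block starts and ends outside the hunk.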