diff --git a/nginx/Dockerfile b/nginx/Dockerfile
deleted file mode 100644
index 66074cf66..000000000
--- a/nginx/Dockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM nginx:1.17.4-alpine
-
-RUN rm /etc/nginx/conf.d/default.conf
-COPY nginx.conf /etc/nginx/conf.d
diff --git a/nginx/nginx.conf b/nginx/default.conf
similarity index 100%
rename from nginx/nginx.conf
rename to nginx/default.conf
diff --git a/nginx/prod-default.conf b/nginx/prod-default.conf
new file mode 100644
index 000000000..079a7aaf6
--- /dev/null
+++ b/nginx/prod-default.conf
@@ -0,0 +1,44 @@
+upstream web {
+ server web:8000;
+}
+
+server {
+ listen [::]:80;
+ listen 80;
+
+ server_name bookwyrm.social www.bookwyrm.social;
+
+ location ~ /.well-known/acme-challenge {
+ allow all;
+ root /var/www/certbot;
+ }
+
+ # redirect http to https www
+ return 301 https://www.bookwyrm.social$request_uri;
+}
+
+server {
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ server_name bookwyrm.social;
+
+ # SSL code
+ ssl_certificate /etc/nginx/ssl/live/bookwyrm.social/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/bookwyrm.social/privkey.pem;
+
+ location / {
+ proxy_pass http://web;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_redirect off;
+ }
+
+ location /images/ {
+ alias /app/images/;
+ }
+
+ location /static/ {
+ alias /app/static/;
+ }
+}
diff --git a/prod-docker-compose.yml b/prod-docker-compose.yml
new file mode 100644
index 000000000..5f5ac9c6d
--- /dev/null
+++ b/prod-docker-compose.yml
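Review bot: In nginx/prod-default.conf, the server-level `return 301 https://www.bookwyrm.social$request_uri;` in the port-80 block is evaluated before any `location` is selected, so the `/.well-known/acme-challenge` location above it is never served and certbot's webroot challenge receives the redirect instead of the token file. Moving the redirect into its own location keeps the challenge path reachable: `location / { return 301 https://www.bookwyrm.social$request_uri; }`. The challenge match is also an unanchored regex; `location ^~ /.well-known/acme-challenge/` is the tighter form, and `allow all;` can go. The redirect targets `www.bookwyrm.social` while the 443 block's `server_name` lists only `bookwyrm.social`, so the www host is presumably served only because that block is the sole listener on 443; adding it to `server_name` makes that explicit.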
@@ -0,0 +1,74 @@
+version: '3'
+
+services:
+ nginx:
+ image: nginx:latest
+ ports:
+ - 80:80
+ - 443:443
+ depends_on:
+ - web
+ networks:
+ - main
+ volumes:
+ - ./nginx:/etc/nginx/conf.d
+ - ./certbot/conf:/etc/nginx/ssl
+ - ./certbot/data:/var/www/certbot
+ - static_volume:/app/static
+ - media_volume:/app/images
+ certbot:
+ image: certbot/certbot:latest
+ command: certonly --webroot --webroot-path=/var/www/certbot --email mouse.reeve@gmail.com --agree-tos --no-eff-email -d bookwyrm.social -d www.bookwyrm.social
+ volumes:
+ - ./certbot/conf:/etc/letsencrypt
+ - ./certbot/logs:/var/log/letsencrypt
+ - ./certbot/data:/var/www/certbot
+ db:
+ image: postgres
+ env_file: .env
+ volumes:
+ - pgdata:/var/lib/postgresql/data
+ networks:
+ - main
+ web:
+ build: .
+ command: python manage.py runserver 0.0.0.0:8000
+ volumes:
+ - .:/app
+ - static_volume:/app/static
+ - media_volume:/app/images
+ depends_on:
+ - db
+ - celery_worker
+ networks:
+ - main
+ ports:
+ - 8000:8000
+ redis:
+ image: redis
+ env_file: .env
+ ports:
+ - "6379:6379"
+ networks:
+ - main
+ restart: on-failure
+ celery_worker:
+ env_file: .env
+ build: .
+ networks:
+ - main
+ command: celery -A celerywyrm worker -l info
+ volumes:
+ - .:/app
+ - static_volume:/app/static
+ - media_volume:/app/images
+ depends_on:
+ - db
+ - redis
+ restart: on-failure
+volumes:
+ pgdata:
+ static_volume:
+ media_volume:
+networks:
+ main:
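Review bot: In prod-docker-compose.yml the `redis` service publishes `6379:6379` and `web` publishes `8000:8000` on every host interface, so in this production file Redis and the app server are reachable from outside without passing through the nginx TLS front end; whether Redis requires a password is not visible here. Both services are already on the `main` network, where nginx reaches the app as `web:8000`, so the `ports:` entries can be dropped, or bound to loopback as `- "127.0.0.1:6379:6379"` if host access is needed. `web` also starts `python manage.py runserver 0.0.0.0:8000`, which Django documents as a development server; a WSGI server is the production choice. The `nginx:latest`, `certbot/certbot:latest`, `postgres` and `redis` images are unpinned, where the deleted nginx/Dockerfile pinned `nginx:1.17.4-alpine`; pinning tags or digests keeps what gets deployed reviewable.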