diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 92eb234..fb91005 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -6,6 +6,7 @@ services:
 - taxhacker_network
 environment:
 - NODE_ENV=production
+ - BASE_URL=https://taxhacker.app
 - UPLOAD_PATH=/app/data/uploads
 env_file:
 - .env
diff --git a/etc/nginx/taxhacker.app.conf b/etc/nginx/taxhacker.app.conf
new file mode 100644
index 0000000..183804c
--- /dev/null
+++ b/etc/nginx/taxhacker.app.conf
@@ -0,0 +1,36 @@
+server {
+ listen 80;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name taxhacker.app;
+
+ charset utf-8;
+ client_max_body_size 256M;
+
+ set_real_ip_from 172.17.0.0/16;
+ real_ip_header X-Forwarded-For;
+ real_ip_recursive on;
+
+ ssl_certificate /home/vas3k/certs/pubkey.pem;
+ ssl_certificate_key /home/vas3k/certs/privkey.pem;
+
+ location / {
+ add_header "Access-Control-Allow-Origin" "*";
+ add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
+ add_header "Access-Control-Allow-Headers" "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
+ add_header "Access-Control-Expose-Headers" "Content-Length,Content-Range";
+ add_header "Strict-Transport-Security" "max-age=31536000;includeSubDomains";
+ add_header "X-Content-Type-Options" "nosniff";
+ add_header "Referrer-Policy" "strict-origin-when-cross-origin";
+ add_header "Permissions-Policy" "accelerometer=(),camera=(),geolocation=(self 'https://taxhacker.app'),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()";
+
+ proxy_set_header "Host" $http_host;
+ proxy_set_header "X-Forwarded-Host" $host;
+ proxy_set_header "X-Forwarded-For" $proxy_add_x_forwarded_for;
+ proxy_set_header "X-Forwarded-Proto" $scheme;
+ proxy_redirect off;
+ proxy_buffering off;
+
+ proxy_pass http://127.0.0.1:7331;
+ }
+}
diff --git a/lib/auth.ts b/lib/auth.ts
index 3d19423..3ef62ab 100644
--- a/lib/auth.ts
+++ b/lib/auth.ts
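Review bot: In `etc/nginx/taxhacker.app.conf`, `listen 80;` shares the server block with the TLS listeners, so the app is proxied over plain HTTP with no redirect, and browsers ignore the `Strict-Transport-Security` header set in `location /` on that path. Since `BASE_URL` is now pinned to `https://taxhacker.app`, I would drop `listen 80;` from this block and add a separate one: `server { listen 80; listen [::]:80; server_name taxhacker.app; return 301 https://$host$request_uri; }`. Separately, the `add_header` lines lack the `always` parameter, so nginx omits these headers on 4xx/5xx responses. The `Access-Control-Allow-Origin "*"` on every proxied route also deserves a comment explaining why a wildcard is needed for an app that handles financial documents; restricting it to the app's own origin looks safer if there are no third-party callers.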
@@ -21,6 +21,7 @@ export type UserProfile = {
 export const auth = betterAuth({
 database: prismaAdapter(prisma, { provider: "postgresql" }),
 appName: config.app.title,
+ baseURL: config.app.baseURL,
 secret: config.auth.secret,
 email: {
 provider: "resend",
diff --git a/lib/config.ts b/lib/config.ts
index df7db03..ea379bf 100644
--- a/lib/config.ts
+++ b/lib/config.ts
@@ -3,6 +3,7 @@ const config = {
 title: "TaxHacker",
 description: "Your personal AI accountant",
 version: process.env.npm_package_version || "0.0.1",
+ baseURL: process.env.BASE_URL || "http://localhost:" + process.env.PORT,
 },
 upload: {
 acceptedMimeTypes: "image/*,.pdf,.doc,.docx,.xls,.xlsx",
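Review bot: The `baseURL` fallback in `lib/config.ts` evaluates to the literal `http://localhost:undefined` when `PORT` is unset, and a deployment that forgets `BASE_URL` silently gets a plain-HTTP localhost origin, which the `lib/auth.ts` hunk now passes straight to `betterAuth`. That value presumably anchors the auth library's callback URLs and origin handling, so a wrong one should stop startup rather than degrade quietly. I would guard it before the object, e.g. `if (process.env.NODE_ENV === "production" && !process.env.BASE_URL) throw new Error("BASE_URL must be set in production")`. I would also give the development fallback an explicit default port in place of the bare `process.env.PORT`. The `config` object starts and ends outside the hunk, so the guard's exact placement needs checking against the full file.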