diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json
index 09b0d9a..a0b0128 100644
--- a/nodes/draco.kosmos.org.json
+++ b/nodes/draco.kosmos.org.json
@@ -48,6 +48,7 @@
 "kosmos-akkounts::nginx",
 "kosmos-akkounts::nginx_api",
 "kosmos-bitcoin::nginx_lndhub",
+ "kosmos-mastodon::nginx",
 "kosmos_encfs",
 "kosmos_encfs::default",
 "kosmos-ejabberd::firewall",
diff --git a/roles/openresty_proxy.rb b/roles/openresty_proxy.rb
index 6275af9..0f59edc 100644
--- a/roles/openresty_proxy.rb
+++ b/roles/openresty_proxy.rb
@@ -24,12 +24,11 @@ default_run_list = %w(
 kosmos_garage::default
 kosmos_garage::firewall_rpc
 kosmos_garage::nginx_web
- kosmos-ejabberd::nginx
+ kosmos-hubot::nginx_botka_irc-libera-chat
 kosmos-hubot::nginx_hal8000_xmpp
 kosmos-ipfs::nginx_public_gateway
- kosmos-mastodon::nginx
 remotestorage_discourse::nginx
 )
@@ -45,6 +44,7 @@ production_run_list = %w(
 kosmos-akkounts::nginx
 kosmos-akkounts::nginx_api
 kosmos-bitcoin::nginx_lndhub
+ kosmos-mastodon::nginx
 )
 env_run_lists(
diff --git a/site-cookbooks/kosmos-mastodon/metadata.rb b/site-cookbooks/kosmos-mastodon/metadata.rb
index 81fc2bf..c020afc 100644
--- a/site-cookbooks/kosmos-mastodon/metadata.rb
+++ b/site-cookbooks/kosmos-mastodon/metadata.rb
@@ -13,7 +13,7 @@ depends 'firewall'
 depends 'redisio'
 depends 'tor-full'
 depends 'postgresql'
-depends 'kosmos-nginx'
 depends 'kosmos-nodejs'
+depends 'kosmos_openresty'
 depends 'kosmos_postgresql'
 depends 'ruby_build'
diff --git a/site-cookbooks/kosmos-mastodon/recipes/nginx.rb b/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
index 3c81e81..f19e052 100644
--- a/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
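Review bot: The first hunk of roles/openresty_proxy.rb drops `kosmos-ejabberd::nginx` from `default_run_list` with no replacement visible anywhere in this change, while only `kosmos-mastodon::nginx` is re-added under `production_run_list`; if the ejabberd web endpoint has moved to another role, a one-line comment next to the list (e.g. `# ejabberd web endpoints are served by <role> — see <commit>`) would stop the next reader from treating this as a regression. Removing a recipe from a run list also does not undo what earlier converges wrote, so nodes that previously ran these recipes presumably keep the old nginx vhosts until something removes them explicitly.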
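Review bot: The recipe changed in this commit now calls `tls_cert_for` and `openresty_site`, but the only dependency added here is `depends 'kosmos_openresty'`; if `tls_cert_for` is defined in a different cookbook it needs its own `depends` line, otherwise the resource will not resolve when the recipe compiles. Presumably `kosmos_openresty` ships both resources — worth confirming before this lands, since a missing `depends` only surfaces at converge time.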
@@ -3,57 +3,50 @@
 # Recipe:: nginx
 #
-include_recipe "kosmos-nginx"
-
 app_dir = node["kosmos-mastodon"]["directory"]
 server_name = node["kosmos-mastodon"]["domain"]
-is_proxy = node.roles.include?('nginx_proxy') rescue nil
-upstream_hosts = []
-if is_proxy
+upstream_hosts = []
+search(:node, "role:mastodon").each do |node|
+ upstream_hosts << node["knife_zero"]["host"]
+end
+if upstream_hosts.any?
 web_root_dir = "/var/www/#{server_name}/public"
- search(:node, "role:mastodon").each do |node|
- upstream_hosts << node["knife_zero"]["host"]
- end
 else
 web_root_dir = "#{app_dir}/public"
 upstream_hosts << "localhost"
 end
-directory "#{node['nginx']['dir']}/snippets" do
+directory "#{node['openresty']['dir']}/snippets" do
 action :create
 owner 'www-data'
 mode 0640
 end
-template "#{node['nginx']['dir']}/snippets/mastodon.conf" do
+template "#{node['openresty']['dir']}/snippets/mastodon.conf" do
 source 'nginx_conf_shared.erb'
 owner 'www-data'
 mode 0640
 variables web_root_dir: web_root_dir,
 server_name: server_name
- notifies :reload, 'service[nginx]', :delayed
+ notifies :reload, 'service[openresty]', :delayed
 end
-nginx_certbot_site server_name
+tls_cert_for server_name do
+ auth "gandi_dns"
+ action :create
+end
 onion_address = File.read("/var/lib/tor/web/hostname").strip rescue nil rescue nil
-template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
- source 'nginx_conf_mastodon.erb'
- owner 'www-data'
- mode 0640
+openresty_site server_name do
+ template 'nginx_conf_mastodon.erb'
 variables server_name: server_name,
 ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
 ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem",
- shared_config_path: "#{node['nginx']['dir']}/snippets/mastodon.conf",
+ shared_config_path: "#{node['openresty']['dir']}/snippets/mastodon.conf",
 app_port: node["kosmos-mastodon"]["app_port"],
 streaming_port: node["kosmos-mastodon"]["streaming_port"],
 onion_address: onion_address,
 upstream_hosts: upstream_hosts
- notifies :reload, 'service[nginx]', :delayed
-end
-
-nginx_site server_name do
- action :enable
 end
diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
index 619f03d..d3c45d8 100644
--- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
@@ -20,7 +20,7 @@ proxy_cache_path /var/cache/nginx/mastodon levels=1:2 max_size=1g inactive=120m use_temp_path=off;
 server {
- listen 443 ssl http2;
+ listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
 listen [::]:443 ssl http2;
 server_name <%= @server_name %>;
 include <%= @shared_config_path %>;
@@ -36,12 +36,12 @@ server {
 <% if @onion_address %>
 server {
- listen 80;
+ listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80;
 server_name mastodon.<%= @onion_address %>;
 include <%= @shared_config_path %>;
 }
 server {
- listen 443 ssl http2;
+ listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
 server_name mastodon.<%= @onion_address %>;
 include <%= @shared_config_path %>;
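Review bot: In the new `search(:node, "role:mastodon").each do |node|` block the parameter `node` shadows Chef's `node` object for the whole block, and `node["knife_zero"]["host"]` raises on any matched node that lacks a `knife_zero` attribute; `upstream_hosts = search(:node, "role:mastodon").map { |n| n["knife_zero"] && n["knife_zero"]["host"] }.compact` avoids both and keeps the empty-result fallback on the `if upstream_hosts.any?` line intact. The recipe also no longer consults the `nginx_proxy` role, so the proxy layout (web root `/var/www/#{server_name}/public`) is chosen purely by whether the search found anything — if this recipe can still run on a node that itself carries the `mastodon` role, the search returns that node and it proxies to its own `knife_zero` host rather than `localhost`; if it is now proxy-only, a comment at the top of the recipe saying so would help. `tls_cert_for server_name` is new while `ssl_cert`/`ssl_key` still point at `/etc/letsencrypt/live/#{server_name}/`, so confirm that resource writes or links the certificate to that path and consider whether renewal should notify `service[openresty]`, since the old `notifies :reload` on the site template is gone and nothing visible replaces it. Separately, `mode 0640` on the `snippets` directory omits the execute bit, so `www-data` cannot traverse its own directory; `0750` is the usual mode for a config directory.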
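Review bot: The expression `<%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>` is pasted verbatim into three `listen` directives (this hunk and both onion-service blocks in the `@@ -36,12 +36,12 @@` hunk); computing it once near the top of the template, `<% listen_prefix = node['openresty']['listen_ip'] ? "#{node['openresty']['listen_ip']}:" : '' %>`, and writing `listen <%= listen_prefix %>443 ssl http2;` keeps the three listeners from drifting apart. When `listen_ip` is set, the IPv4 listener binds a single address but the unchanged `listen [::]:443 ssl http2;` on the next line still binds every IPv6 address, so the binding scope becomes asymmetric — presumably unintended, and worth either gating the IPv6 line the same way or adding a comment explaining why it stays wildcard. The onion-service blocks receive the same prefix, which binds them to the public listen address; confirm that is the address Tor's hidden-service target is configured to reach, and whether port 80 for the onion block should be bound that widely at all.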