diff --git a/site-cookbooks/kosmos-ipfs/attributes/default.rb b/site-cookbooks/kosmos-ipfs/attributes/default.rb
index 5d595f0..9ce8bb0 100644
--- a/site-cookbooks/kosmos-ipfs/attributes/default.rb
+++ b/site-cookbooks/kosmos-ipfs/attributes/default.rb
@@ -4,6 +4,7 @@
 # FIXME api_port should come from the ipfs cookbook/attributes
 # It has nothing to do with nginx
 node.default['kosmos-ipfs']['nginx']['api_port'] = 5001
+node.default['kosmos-ipfs']['nginx']['gateway_port'] = 9090
 node.default['kosmos-ipfs']['nginx']['external_api_port'] = 5444
 node.default['kosmos-ipfs']['nginx']['domain'] = "ipfs.kosmos.org"
diff --git a/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb b/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb
index 2745a52..434331a 100644
--- a/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb
@@ -36,6 +36,7 @@ template "#{node['nginx']['dir']}/sites-available/#{domain}" do
 ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
 ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
 ipfs_api_port: node['kosmos-ipfs']['nginx']['api_port'],
+ ipfs_gateway_port: node['kosmos-ipfs']['nginx']['gateway_port'],
 ipfs_external_api_port: node['kosmos-ipfs']['nginx']['external_api_port']
 notifies :reload, 'service[nginx]', :delayed
diff --git a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
index 5759129..6b96147 100644
--- a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
+++ b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
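Review bot: In attributes/default.rb the new `gateway_port` default of 9090 is a second hard-coded copy of a daemon setting under the `nginx` namespace, which is the same problem the FIXME directly above describes for `api_port`. Nothing visible in this commit ties the value to the address the IPFS daemon's gateway actually listens on, so the two can drift without any error at converge time. I would widen the comment to cover both, e.g. `# FIXME api_port and gateway_port should come from the ipfs cookbook/attributes`. It is also worth confirming that the daemon binds its gateway to loopback only, so that the nginx front end is the single public entry point.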
@@ -1,12 +1,32 @@
-upstream _ipfs {
+upstream _ipfs_gateway {
+ server localhost:<%= @ipfs_gateway_port %>;
+}
+upstream _ipfs_api {
 server localhost:<%= @ipfs_api_port %>;
 }
-<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
 server {
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+<% else -%>
+ listen 80;
+ listen [::]:80;
+<% end -%>
+ server_name ipfs.kosmos.org;
+
+ location /ipfs {
+ proxy_pass http://_ipfs_gateway/ipfs;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/ipfs.kosmos.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ipfs.kosmos.org/privkey.pem;
+}
+
+server {
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
 listen <%= @ipfs_external_api_port %> ssl http2;
 <% else -%>
-server {
 listen <%= @ipfs_external_api_port %>;
 <% end -%>
@@ -22,19 +42,19 @@ server {
 proxy_http_version 1.1;
 location /api/v0/cat {
- proxy_pass http://_ipfs/api/v0/cat;
+ proxy_pass http://_ipfs_api/api/v0/cat;
 }
 location /api/v0/add {
- proxy_pass http://_ipfs/api/v0/add;
+ proxy_pass http://_ipfs_api/api/v0/add;
 }
 location /api/v0/object/get {
- proxy_pass http://_ipfs/api/v0/object/get;
+ proxy_pass http://_ipfs_api/api/v0/object/get;
 }
 location /api/v0/object/data {
- proxy_pass http://_ipfs/api/v0/object/data;
+ proxy_pass http://_ipfs_api/api/v0/object/data;
 }
 location /api/v0/id {
- proxy_pass http://_ipfs/api/v0/id;
+ proxy_pass http://_ipfs_api/api/v0/id;
 }
 ssl_certificate <%= @ssl_cert %>;
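Review bot: In the first hunk of nginx_conf_ipfs.kosmos.org.erb the new gateway `server` block emits `ssl_certificate` and `ssl_certificate_key` unconditionally and with hard-coded paths, outside the `File.exist?` guard that selects the port-80 listeners. On a node where the Let's Encrypt files do not exist yet, nginx will most likely reject the configuration on the missing certificate even though the block only listens on port 80, so the plain-HTTP fallback cannot come up. I would move both directives into the `if` branch and use the variables the recipe already passes, `ssl_certificate <%= @ssl_cert %>;` and `ssl_certificate_key <%= @ssl_key %>;`. The literal `server_name ipfs.kosmos.org;` should likewise come from the domain attribute. Because this block serves arbitrary IPFS content from that origin, a short comment that no cookies or authenticated applications should share the host would help the next maintainer.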