diff --git a/gitea/Mozilla_Observatory.png b/gitea/Mozilla_Observatory.png
new file mode 100644
index 0000000..61136af
Binary files /dev/null and b/gitea/Mozilla_Observatory.png differ
diff --git a/gitea/README.md b/gitea/README.md
index e69de29..96128b6 100644
--- a/gitea/README.md
+++ b/gitea/README.md
@@ -0,0 +1,6 @@
+# Additional Score Commentary:
+
+## Mozilla Observatory
+Current CSP requires the use of unsafe-eval and unsafe-inline for script-src.
+Current CSP requires the use of unsafe-inline for style-src.
+The relevant issue can be found at: https://github.com/go-gitea/gitea/issues/305
diff --git a/gitea/SSL Server Test_ git.theschricks.com (Powered by Qualys SSL Labs).pdf b/gitea/SSL Server Test_ git.theschricks.com (Powered by Qualys SSL Labs).pdf
new file mode 100644
index 0000000..08fbcfc
Binary files /dev/null and b/gitea/SSL Server Test_ git.theschricks.com (Powered by Qualys SSL Labs).pdf differ
diff --git a/gitea/SSL_Labs.png b/gitea/SSL_Labs.png
new file mode 100644
index 0000000..6a188e4
Binary files /dev/null and b/gitea/SSL_Labs.png differ
diff --git a/gitea/git.theschricks.com.conf b/gitea/git.theschricks.com.conf
new file mode 100644
index 0000000..050bf8c
--- /dev/null
+++ b/gitea/git.theschricks.com.conf
@@ -0,0 +1,60 @@
+server {
+ server_name git.theschricks.com;
+
+ location / {
+
+ # Workaround while waiting for cookie flags to be implemented. See Issue #5583
+ proxy_cookie_path / "/; Secure; HttpOnly; SameSite=lax";
+
+ proxy_pass http://pi1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $host;
+ }
+
+ if ($scheme != "https") {
+ return 301 https://$host$request_uri;
+ }
+
+ client_max_body_size 512m;
+
+ listen [::]:443 ssl; # managed by Certbot
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/git.theschricks.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/git.theschricks.com/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options nosniff;
+ add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
+ add_header X-Robots-Tag none;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header Referrer-Policy "strict-origin";
+ add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+
+ #Ideally needs to be changed, but needs to be set to this for Gitea for now: https://github.com/go-gitea/gitea/issues/305.
+ add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; frame-ancestors 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self';";
+
+ # OCSP stapling
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+}
+
+#HTTP
+server {
+ listen 80;
+ listen [::]:80;
+ server_name git.theschricks.com www.git.theschricks.com;
+ return 301 https://$host$request_uri;
+}
+
+#Redirect www
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name www.git.theschricks.com;
+ return 301 https://$host$request_uri;
+}
+
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..bf9d360
--- /dev/null
+++ b/nginx.conf
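Review bot: The `#Redirect www` server block at the end of the hunk redirects to `https://$host$request_uri`, and because `$host` is `www.git.theschricks.com` for every request that reaches it, the block redirects to itself in a loop; the target needs the bare name, `return 301 https://git.theschricks.com$request_uri;` (the port-80 block has the same problem for www requests). That block also listens on 443 ssl with no `ssl_certificate`/`ssl_certificate_key` and no Strict-Transport-Security, so depending on the nginx version the www handshake is presumably refused or answered with the default server's certificate, and the `preload` token in the HSTS policy expects www to redirect over HTTPS with HSTS — confirm the Certbot certificate actually lists the www name before reusing its paths. In the first server block every `add_header` lacks `always`, so a 4xx/5xx response from Gitea goes out without HSTS and without the CSP; append it to each, e.g. `add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;`. `X-XSS-Protection "1; mode=block"` enables a legacy browser filter that current guidance recommends switching off with `add_header X-XSS-Protection "0" always;`, and the `if ($scheme != "https")` test in a server that only listens on 443 ssl is dead configuration.
```nginx
#Redirect www
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.git.theschricks.com;
    ssl_certificate /etc/letsencrypt/live/git.theschricks.com/fullchain.pem; # confirm this certificate covers the www name
    ssl_certificate_key /etc/letsencrypt/live/git.theschricks.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
    return 301 https://git.theschricks.com$request_uri;
}
```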
@@ -0,0 +1,100 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+ include /etc/nginx/conf.d/*.conf;
+
+ proxy_connect_timeout 600;
+ proxy_send_timeout 600;
+ proxy_read_timeout 600;
+ fastcgi_send_timeout 600;
+ fastcgi_read_timeout 600;
+ client_header_timeout 600;
+ client_body_timeout 600;
+ client_max_body_size 512M;
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 650;
+ types_hash_max_size 2048;
+ server_tokens off;
+
+ # server_names_hash_bucket_size 128;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+ #ALSO MUST CHANGE THE OPTIONS IN /etc/letsencrypt
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ #ssl_prefer_server_ciphers on;
+ ssl_prefer_server_ciphers off;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ #add_header Set-Cookie "Path=/; HttpOnly; Secure";
+
+ ##
+ # Buffer Policy
+ ##
+ client_body_buffer_size 1K;
+ client_header_buffer_size 1k;
+ large_client_header_buffers 2 1k;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ upstream pi3 {
+ server 192.168.1.13;
+ }
+
+ upstream pi2 {
+ server 192.168.1.12:8107;
+
+ }
+
+ upstream pi1 {
+ server 192.168.1.11:3000;
+ }
+
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+}
+
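Review bot: `client_header_buffer_size 1k` together with `large_client_header_buffers 2 1k` in the Buffer Policy section caps the request line and every request header at 1 KiB, which in front of Gitea is likely to turn long compare/browse URLs or a session carrying several cookies into 400/414 responses before they reach the upstream; nginx's default `large_client_header_buffers 4 8k;` is the usual value, and `client_max_body_size` already bounds the part of the request that matters for size. `client_header_timeout 600`, `client_body_timeout 600` and `keepalive_timeout 650` let one idle or slow client hold one of the 768 `worker_connections` for ten minutes, which undoes the connection-exhaustion resistance the small buffers appear intended to give; only `proxy_read_timeout`/`proxy_send_timeout` need the long values for slow git operations, and the client-side timeouts can return to nginx's defaults. The commented-out `#add_header Set-Cookie "Path=/; HttpOnly; Secure";` would have added a malformed Set-Cookie header rather than flag the upstream's cookies and is superseded by the `proxy_cookie_path` workaround in the site file, so it should be deleted rather than kept as dead configuration. `client_max_body_size 512M` here duplicates `512m` in the site file; keep the setting in one place so the two cannot drift.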