diff --git a/nextcloud/README.md b/nextcloud/README.md
index e69de29..cfb35bf 100644
--- a/nextcloud/README.md
+++ b/nextcloud/README.md
@@ -0,0 +1,16 @@
+# Scoring
+
+## SSL Labs
+![alt text](./scoring/SSL_Labs.png?raw=true)
+
+## Mozilla Observatory
+![alt text](./scoring/Mozilla_Observatory.png?raw=true)
+
+# Additional Score Commentary:
+
+## Mozilla Observatory
+
+Current CSP requires the use of unsafe-inline for style-src.
+
+The relevant issue can be found at: https://github.com/nextcloud/server/issues/1185
+ and at: https://help.nextcloud.com/t/content-security-policy-config/28146/2
diff --git a/nextcloud/nextcloud.theschricks.com.conf b/nextcloud/nextcloud.theschricks.com.conf
new file mode 100644
index 0000000..a2d4c4d
--- /dev/null
+++ b/nextcloud/nextcloud.theschricks.com.conf
@@ -0,0 +1,53 @@
+server {
+
+ server_name nextcloud.theschricks.com;
+
+ location / {
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_pass http://pi2;
+ }
+
+ location = /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ location = /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ client_max_body_size 512m;
+
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+ add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+
+
+ listen [::]:443 ssl; # managed by Certbot
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/nextcloud.theschricks.com-0001/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/nextcloud.theschricks.com-0001/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+ # OCSP stapling
+ ssl_stapling on;
+ ssl_stapling_verify on;
+}
+
+#HTTP
+server {
+ listen 80;
+ listen [::]:80;
+ server_name nextcloud.theschricks.com www.nextcloud.theschricks.com;
+ return 301 https://$host$request_uri;
+}
+
+#Redirect www
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name www.nextcloud.theschricks.com;
+ return 301 https://$host$request_uri;
+}
diff --git a/nextcloud/scoring/Mozilla_Observatory.png b/nextcloud/scoring/Mozilla_Observatory.png
new file mode 100644
index 0000000..c5fc85e
Binary files /dev/null and b/nextcloud/scoring/Mozilla_Observatory.png differ
diff --git a/nextcloud/scoring/SSL_Labs.png b/nextcloud/scoring/SSL_Labs.png
new file mode 100644
index 0000000..a42b16e
Binary files /dev/null and b/nextcloud/scoring/SSL_Labs.png differ
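Review bot: The `#Redirect www` server at the end of the hunk returns `301 https://$host$request_uri`, but inside that block `$host` is `www.nextcloud.theschricks.com`, so an HTTPS request for the www name is redirected to itself (and a www request on port 80 is sent there first by the `#HTTP` server), which is a redirect loop rather than a www-to-apex redirect; a fixed target such as `return 301 https://nextcloud.theschricks.com$request_uri;` fixes it and also stops reflecting a client-supplied Host into the Location header. That same www block has no `ssl_certificate`/`ssl_certificate_key` (the Certbot lines appear only in the first server), so unless they are inherited from the enclosing `http {}` context, TLS handshakes with SNI for www will fail, and the certificate must also list www as a SAN. In `location /` the upstream is reached over plain `http://pi2` and no `X-Forwarded-Proto $scheme` header is set, so the application cannot see that the request arrived over TLS and may emit `http://` URLs or cookies without `Secure` unless its reverse-proxy settings compensate — worth confirming. The `add_header` directives lack `always`, so error responses from the upstream go out without HSTS, and a `max-age` of 15768000 seconds is below the one-year minimum the preload list requires even though the `preload` token is present; consider `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;`. `ssl_stapling on` additionally needs a `resolver` and normally an `ssl_trusted_certificate` for the chain, otherwise nginx skips stapling and only logs a warning; neither is visible in the hunk, so they may live in nginx.conf.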