diff --git a/deploy/zfs-manager-nginx.conf b/deploy/zfs-manager-nginx.conf
new file mode 100644
index 0000000..66ebc8c
--- /dev/null
+++ b/deploy/zfs-manager-nginx.conf
@@ -0,0 +1,70 @@
+upstream zfs_backend {
+    server 127.0.0.1:8000;
+}
+
+# Redirect HTTP zu HTTPS auf Port 8090
+server {
+    listen 80;
+    listen [::]:80;
+    server_name _;
+    return 301 https://$host:8090$request_uri;
+}
+
+# HTTPS Server auf Port 8090
+server {
+    listen 8090 ssl http2;
+    listen [::]:8090 ssl http2;
+    server_name _;
+
+    # SSL-Zertifikate
+    ssl_certificate /opt/zfs-manager/ssl/zfs-manager.crt;
+    ssl_certificate_key /opt/zfs-manager/ssl/zfs-manager.key;
+
+    # SSL-Sicherheit
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+
+    # Gzip compression
+    gzip on;
+    gzip_types text/plain text/css application/json application/javascript;
+
+    root /opt/zfs-manager/frontend;
+
+    # API endpoints - proxy to FastAPI
+    location /api/ {
+        proxy_pass http://zfs_backend;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # API Docs
+    location /docs {
+        proxy_pass http://zfs_backend;
+        proxy_set_header Host $host;
+    }
+
+    location /openapi.json {
+        proxy_pass http://zfs_backend;
+        proxy_set_header Host $host;
+    }
+
+    # Static assets - serve directly with long cache
+    location /_next/static/ {
+        expires 365d;
+        add_header Cache-Control "public, immutable";
+    }
+
+    location /public/ {
+        expires 7d;
+    }
+
+    # Frontend SPA - fallback to index.html
+    location / {
+        try_files $uri $uri.html $uri/ /index.html;
+        expires 0;
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+    }
+}