diff --git a/README.md b/README.md index 5be6383..8b669c3 100644 --- a/README.md +++ b/README.md @@ -19,11 +19,22 @@ log_facility 5 ``` +## Nginx router -[setup nginx](https://www.nginx.com/blog/nginx-plus-iot-load-balancing-mqtt/) +Install nginx +``` +sudo dnf install nginx +``` +conf file [here](nginx.conf) + +check firewal and selinux in case of problem +sudo firewall-cmd --permanent --zone=public --add-port=8883/tcp +### change in Node-RED +add the server address mqtt.33co.de por 8883 +and select use TLS ## Setup test local environment **20 October 2022** diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..3020635 --- /dev/null +++ b/nginx.conf 
@@ -0,0 +1,64 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ include /etc/nginx/conf.d/*.conf;
+
+server {
+ server_name mqtt.33co.de;
+ listen 80;
+
+ root /usr/share/nginx/html;
+ index index.php index.html index.htm;
+
+ location ~ /.well-known {
+ allow all;
+ }
+}
+
+
+}
+
+stream {
+ upstream mosquitto {
+ server XXX.XXX.XXX.XXX:1883;
+ }
+
+ server {
+ listen 8883 ssl;
+ proxy_pass mosquitto;
+ ssl_certificate /etc/letsencrypt/live/mqtt.33co.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/mqtt.33co.de/privkey.pem;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ ssl_ecdh_curve secp384r1;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ }
+}
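Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the `stream` server on 8883 still offers TLS 1.0 and 1.1, which RFC 8996 deprecates; unless a legacy device is known to need them, use `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 needs an nginx built against OpenSSL 1.1.1 or later). The cipher list names EDH suites but no `ssl_dhparam` is set, and nginx does not offer DHE ciphers without one, so either add that directive or drop the EDH entries. The `upstream mosquitto` leg goes to port 1883 in plaintext: if that address is not the same host or a trusted network, MQTT credentials and payloads cross it unencrypted, and port 1883 on the broker should presumably accept connections only from this proxy.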