diff --git a/in/personal/server/index.rst b/in/personal/server/index.rst index 2a58177..b543158 100644 --- a/in/personal/server/index.rst +++ b/in/personal/server/index.rst @@ -309,6 +309,76 @@ Prepare a grub.cfg Web --- +Configuration +^^^^^^^^^^^^^ + +* /etc/nginx/nginx.conf + +:: + + pid /run/nginx.pid; + user user; + worker_processes auto; + + events { + multi_accept off; + worker_connections 512; + } + + http { + + # General + + keepalive_timeout 60; + sendfile on; + server_tokens off; + tcp_nopush on; + tcp_nodelay on; + types_hash_max_size 2048; + + # Names + + server_name_in_redirect off; + server_names_hash_bucket_size 128; + + # File types + + include mime.types; + default_type application/octet-stream; + + # Security + + ssl_buffer_size 8k; + ssl_ciphers "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ARIA256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"; + ssl_ecdh_curve "X448:X25519:secp521r1:secp384r1"; + ssl_prefer_server_ciphers on; + ssl_protocols TLSv1.3 TLSv1.2; + ssl_session_cache shared:ssl_session_cache:16m; + ssl_session_timeout 15m; + + # Log + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + # Compression + + gzip off; + + # Misc + + client_max_body_size 16m; + index index.html; + proxy_pass_request_body on; + proxy_pass_request_headers on; + proxy_redirect off; + + # Includes + + include sites-enabled/*; + + } + Security ^^^^^^^^ diff --git a/in/public/web/nginx/configure.rst b/in/public/web/nginx/configure.rst index eadf4d2..5ec9b06 100644 --- a/in/public/web/nginx/configure.rst +++ b/in/public/web/nginx/configure.rst 
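Review bot: The `# Security` block of the nginx.conf added to in/personal/server/index.rst has no `add_header Strict-Transport-Security "max-age=31557600; includeSubDomains; preload";` line, although the copy removed from in/public/web/nginx/configure.rst in this same commit had one. A server built from this page would therefore stop sending HSTS unless every file pulled in by `include sites-enabled/*;` sets the header itself. If the header was moved to the per-site blocks on purpose, record that with a comment such as `# HSTS is set per site in sites-enabled/*`; otherwise restore the line after `ssl_session_timeout 15m;`. Either way it is worth noting in the page that nginx inherits `add_header` from the `http` level only into blocks that define no `add_header` of their own. A second comment could note that `ssl_ciphers` governs only the TLS 1.2 suites, since with OpenSSL the TLS 1.3 suites are not selected by this directive.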
@@ -1,72 +1,6 @@ -********* Configure -********* +========= * /etc/nginx/nginx.conf -.. code:: - - pid /run/nginx.pid; - user user; - worker_processes auto; - - events { - multi_accept off; - worker_connections 512; - } - - http { - - # General - - keepalive_timeout 60; - sendfile on; - server_tokens off; - tcp_nopush on; - tcp_nodelay on; - types_hash_max_size 2048; - - # Names - - server_name_in_redirect off; - server_names_hash_bucket_size 128; - - # File types - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Security - - ssl_buffer_size 8k; - ssl_ciphers "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ARIA256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"; - ssl_ecdh_curve "X448:X25519:secp521r1:secp384r1"; - ssl_prefer_server_ciphers on; - ssl_protocols TLSv1.3 TLSv1.2; - ssl_session_cache shared:ssl_session_cache:16m; - ssl_session_timeout 15m; - - add_header Strict-Transport-Security "max-age=31557600; includeSubDomains; preload"; - - # Log - - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - - # Compression - - gzip off; - - # Misc - - client_max_body_size 16m; - index index.html; - proxy_pass_request_body on; - proxy_pass_request_headers on; - proxy_redirect off; - - # Includes - - include /etc/nginx/sites-enabled/*; - - } +.. todo:: extract from server