diff --git a/dockerized/simple_site/docker-compose.yaml b/dockerized/simple_site/docker-compose.yaml
index d6faef0..f2587e8 100644
--- a/dockerized/simple_site/docker-compose.yaml
+++ b/dockerized/simple_site/docker-compose.yaml
@@ -1,4 +1,9 @@
 version: '3'
+
+networks:
+  cluster:
+    external: false
+
 services:
 
 # 3 versions of the same app responding to host's 3001-3
@@ -8,6 +13,8 @@ services:
       - APP_NAME=App1
     ports:
       - "3001:3000"
+    networks:
+      - cluster
 
   app2:
     build: .
@@ -15,6 +22,8 @@ services:
       - APP_NAME=App2
     ports:
       - "3002:3000"
+    networks:
+      - cluster
 
   app3:
     build: .
@@ -22,4 +31,31 @@ services:
       - APP_NAME=App3
     ports:
       - "3003:3000"
+    networks:
+      - cluster
 
+
+  # --- NGINX ---
+  nginx:
+      image: nginx:latest
+      ports:
+        - '8088:80'
+      deploy:
+        replicas: 4
+        update_config:
+          parallelism: 2
+          order: start-first
+          failure_action: rollback
+          delay: 10s
+        rollback_config:
+          parallelism: 0
+          order: stop-first
+        restart_policy:
+          condition: any
+          delay: 5s
+          max_attempts: 3
+          window: 120s
+      healthcheck:
+        test: ["CMD", "service", "nginx", "status"]
+      networks:
+        - cluster
diff --git a/dockerized/simple_site/nginx/config.conf b/dockerized/simple_site/nginx/config.conf
new file mode 100644
index 0000000..54650a3
--- /dev/null
+++ b/dockerized/simple_site/nginx/config.conf
@@ -0,0 +1,59 @@
+# Main context (this is the global configuration)
+worker_processes 4;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+
+    # Upstream block to define the Node.js backend servers
+    # Servers name come from compose definition
+
+    upstream nodejs_cluster {
+        server app1:3001;
+        server app2:3002;
+        server app3:3003;
+    }
+
+
+    #TODO manage certs
+    # server {
+    #     listen 443 ssl;  # Listen on port 443 for HTTPS
+    #     server_name localhost;
+
+    #     # SSL certificate settings
+    #     ssl_certificate /Users/nana/nginx-certs/nginx-selfsigned.crt;
+    #     ssl_certificate_key /Users/nana/nginx-certs/nginx-selfsigned.key;
+
+    #     # Proxying requests to Node.js cluster
+    #     location / {
+    #         proxy_pass http://nodejs_cluster;
+    #         proxy_set_header Host $host;
+    #         proxy_set_header X-Real-IP $remote_addr;
+    #     }
+    # }
+
+    # Optional server block for HTTP to HTTPS redirection
+    server {
+        listen 80;  # Listen on port 80 for HTTP
+        server_name localhost;
+
+        
+        location / {
+            # Redirect all HTTP traffic to HTTPS
+            # TODO requires https
+            # return 301 https://$host$request_uri;
+
+            proxy_pass http://nodejs_cluster;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }
+}