diff --git a/modules/vds/nginx.nix b/modules/vds/nginx.nix
index 18c5554..c13d6e4 100755
--- a/modules/vds/nginx.nix
+++ b/modules/vds/nginx.nix
@@ -15,55 +15,40 @@
 recommendedTlsSettings = true;
 virtualHosts = {
 "immich.zeroq.ru" = {
- listen = [
- {
- addr = "sapphira.laxta-platy.ts.net";
- port = 2283;
- }
- ];
+ forceSSL = true; # Принудительный HTTPS
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://sapphira.laxta-platy.ts.net:2283"; # Порт Immich
+ proxyWebsockets = true; # Если Immich использует WebSockets
+ };
+ };
+ "nextcloud.zeroq.ru" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://sapphira.laxta-platy.ts.net:10000"; # Порт Nextcloud
+ proxyWebsockets = true;
+ };
+ };
+ "llm.zeroq.ru" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://sapphira.laxta-platy.ts.net:11111"; # Порт Open WebUI
+ proxyWebsockets = true;
+ };
 };
- # "vless-sub" = {
-
- # serverName = "${inputs.zeroq.devices.vds.hostname}.latxa-platy.ts.net";
- # listen = [
- # {
- # addr = "0.0.0.0"; # Tailscale IP вашего VDS
- # port = 44444;
- # ssl = false;
- # }
- # {
- # addr = "0.0.0.0"; # Tailscale IP вашего VDS
- # port = 44443;
- # ssl = true;
- # }
- # ];
- # root = "${inputs.zeroq-credentials.paths.vless-subs.root}"; # "${inputs.zeroq-credentials}/services/xray/subs";
- # locations."/" = {
- # extraConfig = ''
- # if ($scheme = http) {
- # return 301 https://$host:44443$request_uri;
- # }
- # '';
- # };
- # enableACME = true;
- # forceSSL = true; # Принудительно HTTPS
-
- # };
 };
 };
 };
- # security.acme = {
- # acceptTerms = true;
- # defaults.email = "oqyude@gmail.com"; # Укажите ваш email
- # certs."${inputs.zeroq.devices.vds.hostname}.latxa-platy.ts.net" = {
- # dnsProvider = null; # Tailscale hostname не требует DNS-проверки, если используем HTTP-01
- # webroot = "/var/lib/acme/acme-challenge";
- # extraLegoFlags = [ "--http-01.port=80" ];
- # };
- # };
- # networking.firewall.allowedTCPPorts = [
- # 44443
- # 44444
- # 80
- # ];
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "oqyude@gmail.com";
+ };
+ networking.firewall.allowedTCPPorts = [
+ #44443
+ #44444
+ 80
+ 443
+ ];
 }
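Review bot: The three new `locations."/"` blocks for `immich.zeroq.ru`, `nextcloud.zeroq.ru` and `llm.zeroq.ru` forward to tailnet-only backends with no access restriction, and the same hunk opens 80 and 443 in `networking.firewall.allowedTCPPorts`, so each application's own login becomes the only control between it and the public internet. If any of them is meant to stay private (the Open WebUI behind port 11111 looks like the likeliest candidate), restrict that location with `extraConfig = "allow <trusted-cidr>; deny all;";` or set `basicAuthFile` on the vhost; the ACME challenge is served from its own location, so certificate issuance should not be affected. The enclosing nginx attribute set starts above the hunk, so it cannot be seen whether `recommendedProxySettings = true;` is set; without it the backends do not receive the original `Host` and `X-Forwarded-*` headers, which Nextcloud relies on for trusted-proxy and HTTPS detection. The leftover `#44443` and `#44444` entries in the port list are better deleted than kept as comments.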