diff --git a/CHANGELOG.md b/CHANGELOG.md
index e3e520dc..70425f11 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,9 @@
 ## untagged
+- Allow custom nginx config files
+ ([#617](https://github.com/chatmail/relay/pull/617))
+
 - Check whether GCC is installed in initenv.sh ([#608](https://github.com/chatmail/relay/pull/608))
diff --git a/README.md b/README.md
index 7ba08fdb..3ecefceb 100644
--- a/README.md
+++ b/README.md
@@ -255,6 +255,19 @@ This starts a local live development cycle for chatmail web pages:
 - Starts a browser window automatically where you can "refresh" as needed.
+#### Custom web pages
+
+If you want to include other pages,
+they need their separate nginx config
+under `/etc/nginx/sites-enabled/`.
+Note that they need to listen on port 8443 instead of 443.
+
+To request TLS certificates for the corresponding domains,
+point the DNS records to your Server and run `acmetool want `.
+You can find the TLS certificates under `/var/lib/acme/live`.
+They will be automatically renewed.
+
+
 ## Mailbox directory layout
 Fresh chatmail addresses have a mailbox directory that contains:
diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index cb894750..7d68a86f 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -424,6 +424,12 @@ def _configure_nginx(config: Config, debug: bool = False) -> bool:
 """Configures nginx HTTP server."""
 need_restart = False
+ files.link(
+ name="disable nginx default site",
+ path="/etc/nginx/sites-enabled/default",
+ present=False,
+ )
+
 main_config = files.template(
 src=importlib.resources.files(__package__).joinpath("nginx/nginx.conf.j2"),
 dest="/etc/nginx/nginx.conf",
diff --git a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
index 8d27394c..50b7dda4 100644
--- a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
+++ b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
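Review bot: The `files.link(...)` call added at the top of `_configure_nginx` in cmdeploy/src/cmdeploy/__init__.py discards its result, so removing `/etc/nginx/sites-enabled/default` does not by itself feed into `need_restart`. The rest of the function lies outside the hunk, so this is inferred, but if the later steps set the flag from each operation's `.changed`, the same should happen here: `default_site = files.link(...)` followed by `need_restart |= default_site.changed`. The call also deserves a why-comment, since the reason only becomes clear from the template change: `# nginx.conf now includes sites-enabled/*; drop the distro default site so it is never served`.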
@@ -136,4 +136,7 @@ http {
 return 301 $scheme://{{ config.domain_name }}$request_uri;
 access_log syslog:server=unix:/dev/log,facility=local7;
 }
+
+ # Include custom pages; they need to listen on port 8443 instead of port 443
+ include /etc/nginx/sites-enabled/*;
 }
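Review bot: The `include /etc/nginx/sites-enabled/*;` line at the end of the `http` block loads every file in that directory, not only the ones an operator adds for this feature. On an already-deployed host, anything left there from earlier use becomes live on the next deploy (the companion change in `_configure_nginx` removes only `default`), and so would editor backups or package leftovers. Each file is parsed in `http` context and can define `server` blocks that compete with the relay's own, and a single invalid file presumably keeps nginx from coming back up on restart. The comment should state that trust boundary, for example `# Every file in sites-enabled/ is loaded as-is: keep the directory root-owned, review its contents before deploying, and run nginx -t after adding a file`. The `http` block starts outside the hunk.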