diff --git a/nginx/nginx/README.md b/nginx/nginx/README.md
new file mode 100644
index 0000000..d52a150
--- /dev/null
+++ b/nginx/nginx/README.md
@@ -0,0 +1,47 @@
+# handige sites:
+- https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx
+- https://securityheaders.com/
+- https://www.ssllabs.com/
+
+
+# DH-Param maken:
+- ```sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-2048.pem 2048```
+- ```sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-4096.pem 4096```
+
+
+# controleren of dit bestand goed is:
+```docker exec nginx sh -c "nginx -t -c /config/nginx/nginx.conf"```
+
+# zonder downtime nginx reloaden:
+```docker exec -it nginx s6-svc -h /var/run/s6/services/nginx```
+
+# Cert aanmaken
+```
+sudo docker run -it --rm \
+-v /docker/nginx/letsencrypt:/etc/letsencrypt \
+-v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt \
+-v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt \
+-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
+certbot/certbot \
+certonly --webroot \
+--email "example@example.nl" \
+--agree-tos \
+--rsa-key-size "4096" \
+--cert-name "example.example.com" \
+--webroot-path=/data/letsencrypt \
+-d example.example.com
+```
+
+## Cert  vernieuwen:
+```
+docker run --rm -it --name certbot \
+-v "/docker/nginx/letsencrypt:/etc/letsencrypt" \
+-v "/docker/nginx/letsencrypt_var:/var/lib/letsencrypt" \
+-v "/docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt" \
+-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
+certbot/certbot renew \
+--webroot -w /data/letsencrypt \
+--quiet && docker exec -it nginx s6-svc -h /var/run/s6/services/nginx
+```
+# cronjob: (dagelijks auto vernieuwen)
+```sudo docker run --rm --name certbot -v /docker/nginx/letsencrypt:/etc/letsencrypt -v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt -v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt -v /docker/nginx/letsencrypt/log:/var/log/letsencrypt certbot/certbot renew --webroot -w /data/letsencrypt --quiet && docker restart nginx```