diff --git a/gitea/.env.example b/gitea/.env.example
deleted file mode 100644
index 95e1324..0000000
--- a/gitea/.env.example
+++ /dev/null
@@ -1,16 +0,0 @@
-# User to run container as
-USER_UID=1000
-USER_GID=1000
-
-# Database settings
-DB_TYPE=postgres
-DB_HOST=db:5432
-DB_NAME=gitea
-DB_USER=gitea
-DB_PASSWD=gitea
-
-# Wether to start LFS
-LFS_START_SERVER=true
-
-# Wether to allow registration
-DISABLE_REGISTRATION=true
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
deleted file mode 100644
index 6e65af8..0000000
--- a/gitea/docker-compose.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-version: '2.4'
-
-services:
- app:
- # Latest contains a development version
- image: 'gitea/gitea:1.14.1-rootless'
- restart: 'always'
-
- depends_on:
- db:
- condition: 'service_healthy'
- healthcheck:
- test: 'curl -f localhost:3000 || exit 1'
- interval: '30s'
- timeout: '5s'
- retries: 3
- start_period: '5s'
-
- env_file:
- - '.env'
- networks:
- - 'default'
- - 'nginx'
- ports:
- - '22:22'
- volumes:
- - 'data:/data'
- - 'repos:/data/git/repositories'
- - 'lfs:/data/git/lfs'
- - '/etc/timezone:/etc/timezone:ro'
- - '/etc/localtime:/etc/localtime:ro'
-
- db:
- image: 'postgres:13.2-alpine'
- restart: 'always'
-
- healthcheck:
- test: 'pg_isready -U gitea'
- interval: '30s'
- timeout: '5s'
- retries: 3
- start_period: '0s'
-
- environment:
- - 'POSTGRES_USER=gitea'
- - 'POSTGRES_PASSWORD=gitea'
- - 'POSTGRES_DB=gitea'
- volumes:
- - 'db-data:/var/lib/postgresql/data'
-
-networks:
- nginx:
- external: true
-
-volumes:
- data:
- lfs:
- db-data:
- repos:
diff --git a/nginx/.env.example b/nginx/.env.example
index 39f272a..445e483 100644
--- a/nginx/.env.example
+++ b/nginx/.env.example
@@ -1,59 +1,12 @@
-# =====COMMON CONFIGURATION=====
-## Comma-seperated list of domains to generate certs for
-## NOTE: you should only add domains here that aren't used in any of
-## the specific configurations below
+# Main domain; also name of certificate
+MAIN_DOMAIN=
+
+
+# Comma-separated list of other domains which also arrive here
 DOMAINS=
-## Admin email; used for certificates
+# Admin email; used for certificates
 EMAIL=
-## HTTP(S) Port
+# HTTP(S) Port
 HTTP_PORT=80
 HTTPS_PORT=443
-
-
-# =====PER-SERVICE CONFIGURATION=====
-# Domain name: domain name that points to the instance
-# Hostname: basically the argument to proxy_pass
-
-## Firefly III
-### Domain name
-FIREFLY_DOMAIN=
-### Hostname
-FIREFLY_HOST=firefly_app_1
-
-## Koel
-### Domain name
-KOEL_DOMAIN=
-### Hostname
-KOEL_HOST=koel_app_1
-
-## Miniflux
-### Domain name
-MINIFLUX_DOMAIN=
-### Hostname
-MINIFLUX_HOST=miniflux_app_1
-
-## Monica
-### Domain name
-MONICA_DOMAIN=
-### Hostname
-MONICA_HOST=monica_app_1
-
-## Nextcloud
-### Domain name
-NEXTCLOUD_DOMAIN=
-### Hostname
-NEXTCLOUD_HOST=nextcloud_app_1
-
-## Portainer
-### Domain name
-PORTAINER_DOMAIN=
-### Hostname
-PORTAINER_HOST=portainer_app_1
-
-## Gitea
-### Domain name
-GITEA_DOMAIN=
-### Hostname
-GITEA_HOST=gitea_app_1
diff --git a/nginx/build/Dockerfile b/nginx/build/Dockerfile
new file mode 100644
index 0000000..309ea38
--- /dev/null
+++ b/nginx/build/Dockerfile
@@ -0,0 +1,17 @@
+FROM nginx:stable-alpine
+
+RUN apk add --no-cache certbot
+
+COPY entrypoint.sh ./entrypoint.sh
+RUN chmod +x ./entrypoint.sh
+
+RUN mkdir /var/lib/certbot
+COPY renew /etc/periodic/weekly/renew
+RUN chmod +x /etc/periodic/weekly/renew
+
+# Default.conf file is annoying
+RUN rm -rf /etc/nginx/conf.d/*
+
+RUN /usr/sbin/crond -f -d 8 &
+
+ENTRYPOINT [ "./entrypoint.sh" ]
diff --git a/nginx/build/entrypoint.sh b/nginx/build/entrypoint.sh
new file mode 100644
index 0000000..d652550
--- /dev/null
+++ b/nginx/build/entrypoint.sh
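Review bot: `RUN /usr/sbin/crond -f -d 8 &` starts crond inside a build-time layer, where the process is gone as soon as that step finishes, so nothing in the running container ever executes `/etc/periodic/weekly/renew` and the certificate obtained at start-up is never renewed; the deleted `nginx/nginx/entrypoint.sh` started crond at runtime and the new `entrypoint.sh` no longer does. Drop the RUN line and start the daemon from the entrypoint instead, e.g. `/usr/sbin/crond -d 8 &` before the final `exec`. Two smaller points in the same file: `FROM nginx:stable-alpine` replaces the previously pinned `nginx:1.20.0-alpine` with a floating tag, and `COPY entrypoint.sh ./entrypoint.sh` together with `ENTRYPOINT [ "./entrypoint.sh" ]` rely on whatever working directory the base image happens to have; `COPY --chmod=755 entrypoint.sh /entrypoint.sh` with `ENTRYPOINT ["/entrypoint.sh"]` removes both the extra chmod layer and the implicit cwd.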
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+certbot certonly --standalone -d "$MAIN_DOMAIN,$DOMAINS" --email "$EMAIL" -n --agree-tos --expand
+
+# The original script handles the template subsitution
+exec /docker-entrypoint.sh nginx -g "daemon off;"
diff --git a/nginx/build/renew b/nginx/build/renew
new file mode 100644
index 0000000..98327d4
--- /dev/null
+++ b/nginx/build/renew
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew --webroot --webroot-path /var/lib/certbot/ --post-hook "/usr/sbin/nginx -s reload"
diff --git a/nginx/docker-compose.yml b/nginx/docker-compose.yml
index f991d1b..c8e51f1 100644
--- a/nginx/docker-compose.yml
+++ b/nginx/docker-compose.yml
@@ -1,13 +1,15 @@
-version: '2.4'
-
+version: '3.5'
 services:
 app:
- build: './nginx'
+ build: './build'
 image: 'nginx-certbot:stable-alpine'
- restart: 'always'
- env_file:
- - '.env'
+ environment:
+ - 'DOMAINS'
+ - 'EMAIL'
+ - 'HTTPS_PORT'
+ - 'HTTP_PORT'
+ - 'MAIN_DOMAIN'
 networks:
 - 'nginx'
 ports:
diff --git a/nginx/nginx/Dockerfile b/nginx/nginx/Dockerfile
deleted file mode 100644
index 19a359b..0000000
--- a/nginx/nginx/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM nginx:1.20.0-alpine
-
-COPY entrypoint.sh /entrypoint.sh
-COPY renew /etc/periodic/weekly/renew
-
-# Install certbot
-# Remove default configs
-RUN apk add --no-cache certbot && \
- rm -rf /etc/nginx/conf.d/*
-
-ENTRYPOINT [ "./entrypoint.sh" ]
diff --git a/nginx/nginx/entrypoint.sh b/nginx/nginx/entrypoint.sh
deleted file mode 100755
index bd2df4c..0000000
--- a/nginx/nginx/entrypoint.sh
+++ /dev/null
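Review bot: `-d "$MAIN_DOMAIN,$DOMAINS"` produces a trailing comma whenever DOMAINS is left empty, which is exactly what the shipped `.env.example` does, so certbot receives an empty domain entry that it may well reject; `-d "${MAIN_DOMAIN}${DOMAINS:+,$DOMAINS}"` only appends the separator when DOMAINS is set. The script has no `set -e`, so a failed issuance still falls through to `exec /docker-entrypoint.sh` and nginx then starts with `ssl_certificate` pointing at a lineage that does not exist; add `set -e` after the shebang so the container fails loudly instead. Issuance here uses `--standalone` while `renew` runs `certbot renew --webroot --webroot-path /var/lib/certbot/`, and nothing in this diff serves `/.well-known/acme-challenge/` from that directory (the `http` block in `http.conf.template` only returns a 301), so renewals look set to fail unless such a location exists outside this diff. Passing `--cert-name "$MAIN_DOMAIN"` would also make the lineage directory that `http.conf.template` hardcodes independent of domain order.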
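Review bot: `restart: 'always'` is removed from the `app` service with nothing replacing it, so the reverse proxy that fronts every other site stays down after a daemon restart or host reboot until someone restarts it by hand; if that is intentional it deserves a line in the commit message, otherwise re-add `restart: 'always'` (or `restart: 'unless-stopped'`). Replacing `env_file` with bare `environment:` entries means the five names are resolved from the environment Compose is started in; whether the project `.env` is consulted for this form depends on the Compose version, so a short comment above the list stating where the values are expected to come from would save the next person a surprise. The `app` service continues past the hunk (`ports:` and whatever follows it).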
@@ -1,19 +0,0 @@
-#!/usr/bin/env sh
-
-# Start cron
-/usr/sbin/crond -d 8 &
-
-# Renew all certificates
-for url in $(env | grep '^[^=]\+_DOMAIN=' | sed 's/^.*\?=\(.*\)$/\1/g') $(echo "$DOMAINS" | sed 's/,/ /g')
-do
- cerbot certonly \
- --standalone \
- -d "$url" \
- --email "$EMAIL" \
- -n \
- --agree-tos \
- --expand
-done
-
-# The original script handles the template subsitution
-exec /docker-entrypoint.sh nginx -g "daemon off;"
diff --git a/nginx/nginx/renew b/nginx/nginx/renew
deleted file mode 100755
index bdbebcf..0000000
--- a/nginx/nginx/renew
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env sh
-
-python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && \
- certbot renew \
- --webroot \
- --webroot-path /var/lib/certbot/ \
- --post-hook "/usr/sbin/nginx -s reload"
diff --git a/nginx/sites-available/firefly-iii.conf.template b/nginx/sites-available/firefly-iii.conf
similarity index 60%
rename from nginx/sites-available/firefly-iii.conf.template
rename to nginx/sites-available/firefly-iii.conf
index e9447fc..1a9f1c4 100644
--- a/nginx/sites-available/firefly-iii.conf.template
+++ b/nginx/sites-available/firefly-iii.conf
@@ -1,11 +1,6 @@
 server {
- # SSL Key locations
- ssl_certificate /etc/letsencrypt/live/${FIREFLY_DOMAIN}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${FIREFLY_DOMAIN}/privkey.pem;
-
- listen ${HTTPS_PORT} ssl;
- listen [::]:${HTTPS_PORT} ssl;
- server_name ${FIREFLY_DOMAIN};
+ listen 443 ssl;
+ server_name DOMAIN;
 location / {
 proxy_set_header Host $host;
@@ -18,7 +13,7 @@ server {
 proxy_set_header Connection "upgrade";
 resolver 127.0.0.11;
- proxy_pass http://${FIREFLY_HOST}:8080;
+ proxy_pass http://firefly_app_1:8080;
 }
 }
diff --git a/nginx/sites-available/gitea.conf.template b/nginx/sites-available/gitea.conf.template
deleted file mode 100644
index 477f4be..0000000
--- a/nginx/sites-available/gitea.conf.template
+++ /dev/null
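Review bot: `listen 443 ssl;` hardcodes a port that the rest of the configuration still parameterises: `http.conf.template` redirects to `https://$host:${HTTPS_PORT}$request_uri` and `docker-compose.yml` still passes `HTTPS_PORT` through, so any non-default value now sends clients to a port nothing listens on; the same applies to `koel.conf`, `miniflux.conf`, `portainer.conf` and `nextcloud.conf`. Taking these files out of the template mechanism also leaves `server_name DOMAIN;` as a bare placeholder with no indication of where or how it gets substituted, so a header comment such as `# Replace DOMAIN with the site's hostname before enabling this file` would keep it from being deployed literally. The IPv6 `listen [::]:...` line is dropped here but kept in `nextcloud.conf`, which looks accidental rather than deliberate. The `server` block continues into the second hunk and beyond.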
@@ -1,23 +0,0 @@
-server {
- # SSL Key locations
- ssl_certificate /etc/letsencrypt/live/${GITEA_DOMAIN}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${GITEA_DOMAIN}/privkey.pem;
-
- listen ${HTTPS_PORT} ssl;
- listen [::]:${HTTPS_PORT} ssl;
- server_name ${GITEA_DOMAIN};
-
- location / {
- resolver 127.0.0.11;
- proxy_pass http://#{GITEA_HOST}:3000/;
-
- # Static content caching
- location ~* \.(?:jpg|jpeg|png|gif|ico|css|js|ttf)$ {
- expires 1h;
- add_header Cache-Control public;
-
- proxy_pass http://${GITEA_HOST}:3000;
- }
- }
-}
-
diff --git a/nginx/sites-available/koel.conf b/nginx/sites-available/koel.conf
new file mode 100644
index 0000000..82832a5
--- /dev/null
+++ b/nginx/sites-available/koel.conf
@@ -0,0 +1,9 @@
+server {
+ listen 443 ssl;
+ server_name DOMAIN;
+
+ location / {
+ resolver 127.0.0.11;
+ proxy_pass http://koel_app_1:80;
+ }
+}
diff --git a/nginx/sites-available/koel.conf.template b/nginx/sites-available/koel.conf.template
deleted file mode 100644
index 139f463..0000000
--- a/nginx/sites-available/koel.conf.template
+++ /dev/null
@@ -1,14 +0,0 @@
-server {
- # SSL Key locations
- ssl_certificate /etc/letsencrypt/live/${KOEL_DOMAIN}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${KOEL_DOMAIN}/privkey.pem;
-
- listen ${HTTPS_PORT} ssl;
- listen [::]:${HTTPS_PORT} ssl;
- server_name ${KOEL_DOMAIN};
-
- location / {
- resolver 127.0.0.11;
- proxy_pass http://${KOEL_HOST}:80;
- }
-}
diff --git a/nginx/sites-available/miniflux.conf b/nginx/sites-available/miniflux.conf
new file mode 100644
index 0000000..da25654
--- /dev/null
+++ b/nginx/sites-available/miniflux.conf
@@ -0,0 +1,10 @@
+server {
+ listen 443 ssl;
+ server_name DOMAIN;
+
+ location / {
+ resolver 127.0.0.11;
+ proxy_pass http://miniflux_app_1:8080;
+ }
+}
+
diff --git a/nginx/sites-available/miniflux.conf.template b/nginx/sites-available/miniflux.conf.template
deleted file mode 100644
index eefbe26..0000000
--- a/nginx/sites-available/miniflux.conf.template
+++ /dev/null
@@ -1,15 +0,0 @@
-server {
- # SSL Key locations
- ssl_certificate /etc/letsencrypt/live/${MINIFLUX_DOMAIN}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${MINIFLUX_DOMAIN}/privkey.pem;
-
- listen ${HTTPS_PORT} ssl;
- listen [::]:${HTTPS_PORT} ssl;
- server_name ${MINIFLUX_DOMAIN};
-
- location / {
- resolver 127.0.0.11;
- proxy_pass http://${MINIFLUX_HOST}:8080;
- }
-}
-
diff --git a/nginx/sites-available/nefarious.conf.template b/nginx/sites-available/nefarious.conf
similarity index 100%
rename from nginx/sites-available/nefarious.conf.template
rename to nginx/sites-available/nefarious.conf
diff --git a/nginx/sites-available/nextcloud.conf.template b/nginx/sites-available/nextcloud.conf
similarity index 84%
rename from nginx/sites-available/nextcloud.conf.template
rename to nginx/sites-available/nextcloud.conf
index 9ade02e..e36549d 100644
--- a/nginx/sites-available/nextcloud.conf.template
+++ b/nginx/sites-available/nextcloud.conf
@@ -1,12 +1,7 @@
 server {
- # SSL Key locations
- ssl_certificate /etc/letsencrypt/live/${NEXTCLOUD_DOMAIN}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${NEXTCLOUD_DOMAIN}/privkey.pem;
-
- listen ${HTTPS_PORT} ssl;
- # Not sure why http2 is here, but let's keep it just in case
- listen [::]:${HTTPS_PORT} ssl http2;
- server_name ${NEXTCLOUD_DOMAIN};
+ listen 443 ssl;
+ listen [::]:443 ssl http2;
+ server_name DOMAIN;
 # Enable gzip but do not remove ETag headers
 gzip on;
@@ -28,7 +23,7 @@ server {
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 location / {
- proxy_pass http://${NEXTCLOUD_HOST}:80/;
+ proxy_pass http://nextcloud_app_1:80/;
 proxy_pass_request_headers on;
diff --git a/nginx/sites-available/portainer.conf b/nginx/sites-available/portainer.conf
new file mode 100644
index 0000000..98b1e44
--- /dev/null
+++ b/nginx/sites-available/portainer.conf
@@ -0,0 +1,11 @@
+server {
+ listen 443 ssl;
+ server_name DOMAIN;
+
+ location / {
+ proxy_set_header Connection "upgrade";
+
+ resolver 127.0.0.11;
+ proxy_pass http://portainer_app_1:9000;
+ }
+}
diff --git a/nginx/sites-available/portainer.conf.template b/nginx/sites-available/portainer.conf.template
deleted file mode 100644
index c9ec72c..0000000
--- a/nginx/sites-available/portainer.conf.template
+++ /dev/null
@@ -1,16 +0,0 @@
-server {
- # SSL Key locations
- ssl_certificate /etc/letsencrypt/live/${PORTAINER_DOMAIN}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${PORTAINER_DOMAIN}/privkey.pem;
-
- listen ${HTTPS_PORT} ssl;
- listen [::]:${HTTPS_PORT} ssl;
- server_name ${PORTAINER_DOMAIN};
-
- location / {
- proxy_set_header Connection "upgrade";
-
- resolver 127.0.0.11;
- proxy_pass http://${PORTAINER_HOST}:9000;
- }
-}
diff --git a/nginx/sites-enabled/.gitkeep b/nginx/sites-enabled/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/nginx/templates/http.conf.template b/nginx/templates/http.conf.template
index ae69504..2b62f29 100644
--- a/nginx/templates/http.conf.template
+++ b/nginx/templates/http.conf.template
@@ -1,5 +1,9 @@
 http {
- # COMMON SSL CONFIGURATION
+ # SSL CONFIGURATION
+ # Key locations
+ ssl_certificate /etc/letsencrypt/live/${MAIN_DOMAIN}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${MAIN_DOMAIN}/privkey.pem;
+
 # Allowed protocols
 ssl_protocols TLSv1.2;
@@ -25,6 +29,7 @@ http {
 return 301 https://$host:${HTTPS_PORT}$request_uri;
 }
+ # LOAD SITES
 include sites-enabled/*.conf;
 }
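Review bot: the new `ssl_certificate` and `ssl_certificate_key` paths assume the certbot lineage directory is named after `MAIN_DOMAIN`, which only holds because `entrypoint.sh` happens to list `$MAIN_DOMAIN` first in `-d` and no `--cert-name` is given; certbot derives the lineage name from the first domain unless told otherwise, so reordering or changing the list can leave these paths pointing at a directory that no longer exists. Record the coupling next to the directives, e.g. `# Lineage name must match the first -d entry in entrypoint.sh (MAIN_DOMAIN)`, or have the entrypoint pass `--cert-name "$MAIN_DOMAIN"` so the directory is fixed explicitly. Every file pulled in by `include sites-enabled/*.conf;` now inherits this one certificate, so a `server_name` not covered by MAIN_DOMAIN or DOMAINS will present a mismatched certificate; that constraint belongs in `.env.example` next to the `DOMAINS` description.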