diff --git a/server/cmd/museum/main.go b/server/cmd/museum/main.go
index 5ea4f3389..4905e82a4 100644
--- a/server/cmd/museum/main.go
+++ b/server/cmd/museum/main.go
@@ -712,7 +712,7 @@ func main() {
 }

 func runServer(environment string, server *gin.Engine) {
- if environment == "local" {
+ if environment == "local" || environment == "proxy" {
 server.Run(":8080")
 } else {
 certPath, err := config.CredentialFilePath("tls.cert")
diff --git a/server/configurations/proxy.yaml b/server/configurations/proxy.yaml
new file mode 100644
index 000000000..0f206f09a
--- /dev/null
+++ b/server/configurations/proxy.yaml
@@ -0,0 +1,11 @@
+# Production setup when running behind a reverse proxy like Nginx
+#
+# - TLS terminates on Nginx not on us
+# - Otherwise the same as `production.yaml`
+
+log-file: /var/logs/museum.log
+
+stripe:
+ path:
+ success: ?status=success&session_id={CHECKOUT_SESSION_ID}
+ cancel: ?status=fail&reason=canceled
diff --git a/server/scripts/deploy/README.md b/server/scripts/deploy/README.md
index 7472a4867..5b55e6e78 100644
--- a/server/scripts/deploy/README.md
+++ b/server/scripts/deploy/README.md
@@ -1,8 +1,5 @@
 # Production Deployments

-Museum runs using Docker + systemd on production instances, load balanced via
-Cloudflare.
-
 This document outlines how we ourselves deploy museum. Note that this is very
 specific to our use case, and while this might be useful as an example, this is
 likely overkill for simple self hosted deployments.
diff --git a/server/scripts/deploy/museum.nginx.conf b/server/scripts/deploy/museum.nginx.conf
index 9af7b41a0..c36a352e6 100644
--- a/server/scripts/deploy/museum.nginx.conf
+++ b/server/scripts/deploy/museum.nginx.conf
@@ -7,7 +7,7 @@ server {
 server_name api.ente.io;

 location / {
- proxy_pass http://host.docker.internal:9000;
+ proxy_pass http://host.docker.internal:8080;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
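Review bot: In `runServer` (server/cmd/museum/main.go), the `"proxy"` environment now takes the development branch, so a production instance calls `server.Run(":8080")` and drops the error it returns; a failed bind (port already in use, for example) may end the function without a log line. Handle it on this branch, e.g. `if err := server.Run(":8080"); err != nil { log.Fatalf("museum: listen on :8080: %v", err) }`, using whichever logger the file already has in scope. A short comment on the condition, such as `// "proxy": plain HTTP; TLS terminates at the reverse proxy, so this port must not be reachable by clients directly`, would record the assumption the branch relies on. The rest of runServer's body lies outside the hunk.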
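Review bot: In museum.nginx.conf the upstream is now the plain-HTTP listener on 8080, and the unchanged `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever value the client sent rather than replacing it. If museum derives the client address from that header (not visible in this diff; gin's `ClientIP()` trusts every proxy unless `SetTrustedProxies` is called), rate limits and audit logs could record a client-chosen address. Either overwrite the header here with `proxy_set_header X-Forwarded-For $remote_addr;` or restrict the trusted proxies in the server to the Nginx address. The server block starts before and continues past this hunk.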
diff --git a/server/scripts/deploy/museum.nginx.service b/server/scripts/deploy/museum.nginx.service
index 470add934..6b32690f7 100644
--- a/server/scripts/deploy/museum.nginx.service
+++ b/server/scripts/deploy/museum.nginx.service
@@ -9,9 +9,9 @@ ExecStartPre=docker pull rg.fr-par.scw.cloud/ente/museum-prod
 ExecStartPre=-docker stop museum
 ExecStartPre=-docker rm museum
 ExecStart=docker run --name museum \
- -e ENVIRONMENT=production \
+ -e ENVIRONMENT=proxy \
 --hostname "%H" \
- -p 443:443 \
+ -p 8080:8080 \
 -p 2112:2112 \
 -v /root/museum/credentials:/credentials:ro \
 -v /root/museum/credentials.yaml:/credentials.yaml:ro \
diff --git a/server/scripts/deploy/update-and-restart-museum.sh b/server/scripts/deploy/update-and-restart-museum.sh
index e4e5b34da..85f93ae05 100755
--- a/server/scripts/deploy/update-and-restart-museum.sh
+++ b/server/scripts/deploy/update-and-restart-museum.sh
@@ -3,7 +3,7 @@
 # This script is meant to be run on the production instances.
 #
 # It will pull the latest Docker image, restart the museum process and start
-# tailing the logs.
+# tailing the logs as a sanity check.

 set -o errexit
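Review bot: `-p 8080:8080` in museum.nginx.service publishes the unencrypted API port on every host interface, where the previous `-p 443:443` exposed only the TLS listener. Unless a host or cloud firewall blocks 8080 (not visible here), clients could reach museum without TLS and without passing through Nginx, which also lets them set `X-Real-IP` and `X-Forwarded-For` themselves. Bind the mapping to the address Nginx actually connects to, in the form `-p <PROXY_FACING_ADDR>:8080:8080 \` (placeholder: loopback or the Docker bridge gateway, depending on how `host.docker.internal` resolves on these hosts), and add a comment above ExecStart stating that 8080 must stay private. The ExecStart command continues past the end of the hunk.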