diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf
index 31e50d5..e2c6c4e 100644
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -1,5 +1,5 @@
 	# ADDITIONAL DIRECTIVES HERE
-	
+
 	# Control Panel
 	# Proxy /admin to our Python based control panel daemon. It is
 	# listening on IPv4 only so use an IP address and not 'localhost'.
@@ -98,3 +98,17 @@
 	rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
 	rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
 	rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
+
+    # WKD Locations
+	location ~ ^/.well-known/openpgpkey/(?<domain>.+)/policy$ {
+		add_header Access-Control-Allow-origin * always;
+        if (-d /var/lib/mailinabox/wkd/$domain/) {
+            return 204;
+        }
+        return 404;
+	}
+
+	location ~ ^/.well-known/openpgpkey/(?<domain>.+)/hu/(?<keyid>[ybndrfg8ejkmcpqxot1uwisza345h769]+)$ {
+		add_header Access-Control-Allow-Origin * always;
+		alias /var/lib/mailinabox/wkd/$domain/$keyid;
+	}