diff --git a/pocketid.subdomain.conf.sample b/pocketid.subdomain.conf.sample
new file mode 100644
index 00000000..90607692
--- /dev/null
+++ b/pocketid.subdomain.conf.sample
@@ -0,0 +1,102 @@
+## Version 2025/07/18
+# make sure that your pocketid container is named pocketid
+# make sure that your dns has a cname set for pocketid
+
+server {
+    listen 443 ssl;
+    listen 443 quic;
+    listen [::]:443 ssl;
+    listen [::]:443 quic;
+
+    server_name pocketid.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
+    # enable for Tinyauth (requires tinyauth-location.conf in the location block)
+    #include /config/nginx/tinyauth-server.conf;
+
+    if ($lan-ip = yes) { set $geo-whitelist yes; }
+    if ($geo-whitelist = no) { return 404; }
+   location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        # enable for Tinyauth (requires tinyauth-server.conf in the server block)
+        #include /config/nginx/tinyauth-location.conf;
+
+#        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app pocketid;
+        set $upstream_port 1411;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample
+
+# Timeout if the real server is dead
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+# Proxy Connection Settings
+####        proxy_buffers 32 4k;
+        proxy_connect_timeout 240;
+        proxy_headers_hash_bucket_size 128;
+        proxy_headers_hash_max_size 1024;
+        proxy_http_version 1.1;
+        proxy_read_timeout 240;
+        proxy_redirect http:// $scheme://;
+        proxy_send_timeout 240;
+
+# Proxy Cache and Cookie Settings
+        proxy_cache_bypass $cookie_session;
+#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
+        proxy_no_cache $cookie_session;
+# Proxy Header Settings
+        proxy_set_header Connection $connection_upgrade;
+        proxy_set_header Early-Data $ssl_early_data;
+        proxy_set_header Host $host;
+        proxy_set_header Proxy "";
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Method $request_method;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-Ssl on;
+        proxy_set_header X-Forwarded-Uri $request_uri;
+        proxy_set_header X-Original-Method $request_method;
+        proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+        proxy_set_header X-Real-IP $remote_addr;
+
+        proxy_buffer_size 256k;
+        proxy_buffers 4 512k;
+        proxy_busy_buffers_size 512k;
+
+
+    }
+}
+
+
+
+