diff --git a/src/System/Serverman/Actions/Nginx.hs b/src/System/Serverman/Actions/Nginx.hs index b57dbf8..ce596cc 100644 --- a/src/System/Serverman/Actions/Nginx.hs +++ b/src/System/Serverman/Actions/Nginx.hs @@ -44,6 +44,10 @@ module System.Serverman.Actions.Nginx (nginx) where when ssl $ do case serverType of Static -> do + dhparam <- async $ execute "openssl" ["dhparam", "-out", "/etc/ssl/certs/dhparam.pem", "2048"] "" True + + wait dhparam + letsencrypt <- async $ createCert path "letsencrypt" wait letsencrypt diff --git a/src/System/Serverman/Actions/WebServer.hs b/src/System/Serverman/Actions/WebServer.hs index 40c79b2..e75c15e 100644 --- a/src/System/Serverman/Actions/WebServer.hs +++ b/src/System/Serverman/Actions/WebServer.hs @@ -17,20 +17,32 @@ module System.Serverman.Actions.WebServer (ServerParams(..), ServerType(..)) whe instance Show ServerParams where show conf | serverService conf == NGINX = - let https + let redirect + | ssl conf = block "server" $ + keyvalue ([ ("listen", "80") + , ("listen", "[::]:80") + , ("server_name", domain conf) + , ("rewrite", "^ https://$server_name$request_uri? permanent") + ]) + | otherwise = "" + https | ssl conf = [ ("ssl_certificate", "/etc/letsencrypt/live/" ++ domain conf ++ "/fullchain.pem") , ("ssl_certificate_key", "/etc/letsencrypt/live/" ++ domain conf ++ "/privkey.pem") , ("include", "ssl.conf")] | otherwise = [] + listen = port conf ++ (if ssl conf then " ssl" else "") + base = [ ("server_name", domain conf) - , ("listen", port conf) + , ("listen", listen) + , ("listen", "[::]:" ++ listen) , ("index", "index.html index.html index.php") ] ++ https in case serverType conf of Static -> - block "server" $ keyvalue (base ++ [("root", directory conf)]) + (block "server" $ keyvalue (base ++ [("root", directory conf)])) ++ + redirect PortForwarding -> let proxyBlock = block "location /" $ 
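Review bot: The added `execute "openssl" ["dhparam", "-out", "/etc/ssl/certs/dhparam.pem", "2048"]` call in the `Static` branch runs on every invocation with `ssl` set, so it overwrites a host-wide file each time, and whatever `execute` returns is discarded by `wait dhparam`. I would generate the file only when it is missing, e.g. `exists <- liftIO $ doesFileExist "/etc/ssl/certs/dhparam.pem"` followed by `unless exists $ ...`; whether `liftIO` and a `System.Directory` import are needed depends on code outside the hunk. If `execute` reports failure through its result, check it before `createCert` runs, since an `ssl.conf` that references a missing or truncated dhparam file would presumably stop nginx from loading the site. `async` followed immediately by `wait` runs sequentially, so a direct call would read more plainly. The enclosing `case serverType of` continues outside the hunk, so it is not visible whether the other server types get the file.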
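Review bot: The new `redirect` block sends port-80 requests to `https://$server_name$request_uri`, which means port 443, while the TLS listener is bound to `port conf`; if that port is not 443 the redirect points at a port this config does not serve, and if it is 80 the same socket is declared both as `listen 80` and `listen 80 ssl`. Either reject `ssl` with a port other than 443 where `ServerParams` is built, or carry the port in the target, e.g. `("return", "301 https://$server_name:" ++ port conf ++ "$request_uri")`, which also replaces the regex `rewrite` with the plain `return` form. `"[::]:" ++ listen` assumes `port conf` is a bare port number, so a value that already contains an address would produce an invalid `listen` line. `domain conf` and `port conf` are concatenated into the config unescaped, so they should be validated before they reach this `Show` instance if they can come from anywhere other than the operator. The same `redirect` is appended in the `PortForwarding` hunk below, so the port mismatch applies there too.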
@@ -39,6 +51,6 @@ module System.Serverman.Actions.WebServer (ServerParams(..), ServerType(..)) whe , ("proxy_set_header", "X-Forwarded-Server $host") , ("proxy_set_header", "X-Forwarded-For $proxy_add_x_forwarded_for") ]) - in block "server" $ keyvalue base ++ proxyBlock + in (block "server" $ keyvalue base ++ proxyBlock) ++ redirect | otherwise = "Unknown service provider"