diff --git a/recipes/openresty.rb b/recipes/openresty.rb
new file mode 100644
index 0000000..bf0d30b
--- /dev/null
+++ b/recipes/openresty.rb
@@ -0,0 +1,64 @@
+# apt_repository 'open resty repo' do
+# uri 'http://openresty.org/package/ubuntu'
+# key 'https://openresty.org/package/pubkey.gpg'
+# components ['main']
+# end
+
+apt_package 'software-properties-common'
+
+execute 'add key' do
+ command 'wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -'
+end
+
+execute 'add repo' do
+ command 'add-apt-repository -y "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"; apt update'
+end
+
+apt_package 'openresty'
+
+if node['web']['do_ssl']
+ apt_package 'luarocks'
+
+ execute 'install lua-resty-auto-ssl' do
+ command 'luarocks install lua-resty-auto-ssl'
+ end
+
+ directory '/etc/ssl' do
+ mode '0755'
+ action :create
+ end
+
+ execute 'defualt ssl' do
+ command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt"
+ end
+
+ execute 'defualt ssl' do
+ command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt"
+ end
+
+ template '/etc/openresty/autossl.conf' do
+ source 'autossl.conf.erb'
+ end
+end
+
+template '/etc/openresty/nginx.conf' do
+ source 'nginx.conf.erb'
+end
+
+directory '/etc/openresty/sites-enabled' do
+ mode '0755'
+ action :create
+end
+
+directory '/var/log/nginx/' do
+ mode '0775'
+ action :create
+end
+
+template '/etc/openresty/sites-enabled/host.conf' do
+ source 'host.conf.erb'
+end
+
+systemd_unit 'openresty' do
+ action :reload
+end
\ No newline at end of file
diff --git a/templates/openresty/autossl.conf.erb b/templates/openresty/autossl.conf.erb
new file mode 100644
index 0000000..275df72
--- /dev/null
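Review bot: The two identical `execute 'defualt ssl'` resources carry no `creates`/`not_if` guard, so the fallback private key and certificate in /etc/ssl are regenerated on every converge (and Chef will warn about the duplicated resource name). Keep a single resource and pin it with `creates '/etc/ssl/resty-auto-ssl-fallback.key'`; it is also worth confirming on the target what mode openssl leaves the key with and, if it is not owner-only, following up with a `file` resource setting `mode '0600'`. The `add key` and `add repo` executes are likewise unguarded and re-run `apt-key add` and `apt update` on every run; `apt-key` is deprecated on current Ubuntu, and the commented-out `apt_repository` resource at the top of the file is the idempotent, keyring-based way to achieve the same result.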
+++ b/templates/openresty/autossl.conf.erb
@@ -0,0 +1,17 @@
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+
+ ssl_certificate_by_lua_block {
+ auto_ssl:ssl_certificate()
+ }
+
+ location /.well-known/acme-challenge/ {
+ content_by_lua_block {
+ auto_ssl:challenge_server()
+ }
+ }
+
+ ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
+ ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
+
\ No newline at end of file
diff --git a/templates/openresty/nginx.conf.erb b/templates/openresty/nginx.conf.erb
new file mode 100644
index 0000000..29e97db
--- /dev/null
+++ b/templates/openresty/nginx.conf.erb
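Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` on the first line enables TLS 1.0 and 1.1, which are deprecated (RFC 8996) and fail most compliance baselines, and the `ssl_ciphers` list keeps `EECDH+3DES`/`RSA+3DES` (64-bit block cipher, SWEET32) plus static-RSA key exchange with no forward secrecy. Unless there is a documented legacy-client requirement, change these to `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;`; TLS 1.3 only takes effect if the OpenSSL this OpenResty build links against supports it, so verify that on the target before relying on it. A short header comment stating that this snippet is meant to be included at `server` level (it contains a `location` block, so it cannot be included inside one) would save the next maintainer a failed `nginx -t`.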
@@ -0,0 +1,75 @@
+#user nobody;
+worker_processes 4;
+
+#error_log logs/error.log;
+#error_log logs/error.log notice;
+#error_log logs/error.log info;
+
+#pid logs/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ client_max_body_size 4g;
+
+
+ lua_shared_dict auto_ssl 100m;
+ lua_shared_dict auto_ssl_settings 64k;
+
+ resolver 8.8.4.4 8.8.8.8;
+
+ init_by_lua_block {
+ auto_ssl = (require "resty.auto-ssl").new()
+ auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
+ auto_ssl:set("allow_domain", function(domain)
+ return true
+ end)
+ auto_ssl:init()
+ }
+
+ init_worker_by_lua_block {
+ auto_ssl:init_worker()
+ }
+
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ server {
+ listen 127.0.0.1:8999;
+
+ # Increase the body buffer size, to ensure the internal POSTs can always
+ # parse the full POST contents into memory.
+ client_body_buffer_size 128k;
+ client_max_body_size 128k;
+
+ location / {
+ content_by_lua_block {
+ auto_ssl:hook_server()
+ }
+ }
+ }
+
+ include mime.types;
+ default_type application/octet-stream;
+
+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ # '$status $body_bytes_sent "$http_referer" '
+ # '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ #gzip on;
+ include sites-enabled/*;
+
+}
diff --git a/templates/openresty/simple-proxy.conf.erb b/templates/openresty/simple-proxy.conf.erb
new file mode 100644
index 0000000..6482164
--- /dev/null
+++ b/templates/openresty/simple-proxy.conf.erb
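Review bot: The `allow_domain` callback in `init_by_lua_block` returns `true` unconditionally, so lua-resty-auto-ssl will attempt an ACME issuance for whatever SNI hostname any client presents; an attacker can drive arbitrary issuance attempts against this host, burning Let's Encrypt rate limits for the account and filling the Redis storage with abandoned registrations. Restrict it to the names this proxy actually serves, e.g. `return domain == "<%= node['app']['domain'] %>"` (the same attribute `simple-proxy.conf.erb` uses for `server_name`), or compare against a configured allow-list attribute. Two smaller points: the Redis storage adapter is selected with no `redis` options, so it presumably connects to the library's default local instance without authentication — confirm that instance is bound to localhost and not reachable from other hosts; and `resolver 8.8.4.4 8.8.8.8;` hard-codes public resolvers for the ACME lookups, which is worth turning into an attribute so deployments can use their own.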
@@ -0,0 +1,28 @@
+server {
+ listen 80;
+ <% if node['web']['do_ssl'] %>
+ listen 443 ssl;
+ <% end %>
+ server_name <%= node['app']['domain'] %>;
+
+ <% if node['web']['do_ssl'] %>
+ include autossl.conf;
+ <% end %>
+
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ location / {
+ proxy_pass http://localhost:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_read_timeout 1200s;
+
+ # used for view/edit office file via Office Online Server
+ client_max_body_size 0;
+ }
+
+ access_log /var/log/nginx/<%= node['app']['name'] %>.access.log;
+ error_log /var/log/nginx/<%= node['app']['name'] %>.error.log;
+}
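Review bot: The upstream on `localhost:3000` cannot tell whether a request arrived over TLS, because no `X-Forwarded-Proto` header is set and, when `do_ssl` is on, this same server block still proxies plaintext port-80 traffic to the app instead of redirecting it; add `proxy_set_header X-Forwarded-Proto $scheme;` beside the other headers in `location /`, and consider a separate port-80 server that issues a 301 to https while keeping only the ACME challenge location reachable over plain HTTP. The server-level `proxy_set_header X-Forwarded-For $remote_addr;` is dead configuration — nginx does not inherit `proxy_set_header` into a location that declares its own, so only the `$proxy_add_x_forwarded_for` line applies, and since that appends to a client-supplied header the upstream must only trust the last (right-most) entry. `client_max_body_size 0;` removes the request-body limit on every path, not just the Office Online traffic the comment describes; scoping it to that location or using a large finite value would bound the resource-exhaustion surface.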