diff --git a/Dockerfile b/Dockerfile
index a3df77a..76b9a4e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,13 +4,13 @@ RUN \
  apk add --no-cache --upgrade \
     curl \
     tar && \
- mkdir -p /root/defaults/proxy-confs && \
+ mkdir -p /root/defaults/nginx/proxy-confs && \
  curl -o \
     /tmp/proxy.tar.gz -L \
     "https://github.com/linuxserver/reverse-proxy-confs/tarball/master" && \
  tar xf \
     /tmp/proxy.tar.gz -C \
-    /root/defaults/proxy-confs \
+    /root/defaults/nginx/proxy-confs \
     --strip-components=1 \
     --exclude=linux*/.gitattributes \
     --exclude=linux*/.github \
diff --git a/root/defaults/default b/root/defaults/default
deleted file mode 100644
index 84730f0..0000000
--- a/root/defaults/default
+++ /dev/null
@@ -1,37 +0,0 @@
-## Version 2020/12/11 - Changelog: https://github.com/linuxserver/docker-mods/blob/nginx-proxy-confs/root/defaults/nginx.conf
-
-server {
-    listen 80 default_server;
-    listen 443 ssl;
-    server_name _;
-
-    root /config/www;
-
-    index index.html index.htm index.php;
-
-    # enable subfolder method reverse proxy confs
-    include /config/nginx/proxy-confs/*.subfolder.conf;
-
-    ssl_certificate /config/keys/cert.crt;
-    ssl_certificate_key /config/keys/cert.key;
-
-
-    client_max_body_size 0;
-
-    location / {
-        try_files $uri $uri/ /index.html /index.php?$args =404;
-    }
-
-    location ~ \.php$ {
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_pass 127.0.0.1:9000;
-        fastcgi_index index.php;
-        include /etc/nginx/fastcgi_params;
-    }
-
-}
-
-# enable subdomain method reverse proxy confs
-include /config/nginx/proxy-confs/*.subdomain.conf;
-# enable proxy cache for auth
-proxy_cache_path cache/ keys_zone=auth_cache:10m;
\ No newline at end of file
diff --git a/root/defaults/nginx.conf b/root/defaults/nginx.conf
deleted file mode 100644
index 79be80e..0000000
--- a/root/defaults/nginx.conf
+++ /dev/null
@@ -1,105 +0,0 @@
-## Version 2021/05/18 - Changelog: https://github.com/linuxserver/docker-mods/blob/nginx-proxy-confs/root/defaults/nginx.conf
-
-user abc;
-
-# Set number of worker processes automatically based on number of CPU cores.
-include /config/nginx/worker_processes.conf;
-
-# Enables the use of JIT for regular expressions to speed-up their processing.
-pcre_jit on;
-
-# Configures default error logger.
-error_log /config/log/nginx/error.log;
-
-# Includes files with directives to load dynamic modules.
-include /etc/nginx/modules/*.conf;
-
-events {
-    # The maximum number of simultaneous connections that can be opened by
-    # a worker process.
-    worker_connections 1024;
-    # multi_accept on;
-}
-
-http {
-    # Includes mapping of file name extensions to MIME types of responses
-    # and defines the default type.
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    # Name servers used to resolve names of upstream servers into addresses.
-    # It's also needed when using tcpsocket and udpsocket in Lua modules.
-    #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
-    include /config/nginx/resolver.conf;
-
-    # Don't tell nginx version to the clients. Default is 'on'.
-    server_tokens off;
-
-    # Specifies the maximum accepted body size of a client request, as
-    # indicated by the request header Content-Length. If the stated content
-    # length is greater than this size, then the client receives the HTTP
-    # error code 413. Set to 0 to disable. Default is '1m'.
-    client_max_body_size 0;
-
-    # Sendfile copies data between one FD and other from within the kernel,
-    # which is more efficient than read() + write(). Default is off.
-    sendfile on;
-
-    # Causes nginx to attempt to send its HTTP response head in one packet,
-    # instead of using partial frames. Default is 'off'.
-    tcp_nopush on;
-
-    # Helper variable for proxying websockets.
-    map $http_upgrade $connection_upgrade {
-        default upgrade;
-        '' close;
-    }
-
-    # Sets the path, format, and configuration for a buffered log write.
-    access_log /config/log/nginx/access.log;
-
-    # Includes virtual hosts configs.
-    #include /etc/nginx/http.d/*.conf;
-
-    # WARNING: Don't use this directory for virtual hosts anymore.
-    # This include will be moved to the root context in Alpine 3.14.
-    #include /etc/nginx/conf.d/*.conf;
-
-
-    ##
-    # Basic Settings
-    ##
-
-    client_body_buffer_size 128k;
-    keepalive_timeout 65;
-    large_client_header_buffers 4 16k;
-    send_timeout 5m;
-    tcp_nodelay on;
-    types_hash_max_size 2048;
-    variables_hash_max_size 2048;
-    # server_names_hash_bucket_size 64;
-    # server_name_in_redirect off;
-
-    ##
-    # Gzip Settings
-    ##
-
-    gzip on;
-    gzip_disable "msie6";
-    # gzip_vary on;
-    # gzip_proxied any;
-    # gzip_comp_level 6;
-    # gzip_buffers 16 8k;
-    # gzip_http_version 1.1;
-    # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-
-    ##
-    # Virtual Host Configs
-    ##
-    include /config/nginx/site-confs/*;
-    #Removed lua. Do not remove this comment
-
-}
-
-daemon off;
-pid /run/nginx.pid;
\ No newline at end of file
diff --git a/root/defaults/nginx/proxy.conf.sample b/root/defaults/nginx/proxy.conf.sample
new file mode 100644
index 0000000..a5aa6b5
--- /dev/null
+++ b/root/defaults/nginx/proxy.conf.sample
@@ -0,0 +1,31 @@
+## Version 2022/09/02 - Changelog: https://github.com/linuxserver/docker-mods/blob/nginx-proxy-confs/root/defaults/nginx/proxy.conf.sample
+
+# Timeout if the real server is dead
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+# Proxy Connection Settings
+proxy_buffers 32 4k;
+proxy_connect_timeout 240;
+proxy_headers_hash_bucket_size 128;
+proxy_headers_hash_max_size 1024;
+proxy_http_version 1.1;
+proxy_read_timeout 240;
+proxy_redirect  http://  $scheme://;
+proxy_send_timeout 240;
+
+# Proxy Cache and Cookie Settings
+proxy_cache_bypass $cookie_session;
+#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
+proxy_no_cache $cookie_session;
+
+# Proxy Header Settings
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Early-Data $ssl_early_data;
+proxy_set_header Host $host;
+proxy_set_header Proxy "";
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_set_header X-Real-IP $remote_addr;
\ No newline at end of file
diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample
new file mode 100644
index 0000000..9ce09fb
--- /dev/null
+++ b/root/defaults/nginx/site-confs/default.conf.sample
@@ -0,0 +1,45 @@
+## Version 2022/09/02 - Changelog: https://github.com/linuxserver/docker-mods/blob/nginx-proxy-confs/root/defaults/nginx/site-confs/default.conf.sample
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name _;
+
+    set $root /app/www/public;
+    if (!-d /app/www/public) {
+        set $root /config/www;
+    }
+    root $root;
+    index index.html index.htm index.php;
+
+    # enable subfolder method reverse proxy confs
+    include /config/nginx/proxy-confs/*.subfolder.conf;
+
+    location / {
+        # enable for basic auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        try_files $uri $uri/ /index.html /index.php$is_args$args =404;
+    }
+
+    location ~ ^(.+\.php)(.*)$ {
+        fastcgi_split_path_info ^(.+\.php)(.*)$;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    # deny access to .htaccess/.htpasswd files
+    location ~ /\.ht {
+        deny all;
+}
+
+# enable subdomain method reverse proxy confs
+include /config/nginx/proxy-confs/*.subdomain.conf;
+# enable proxy cache for auth
+proxy_cache_path cache/ keys_zone=auth_cache:10m;
\ No newline at end of file
diff --git a/root/defaults/ssl.conf b/root/defaults/ssl.conf
deleted file mode 100644
index 2851edc..0000000
--- a/root/defaults/ssl.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-## Version 2021/05/18 - Changelog: https://github.com/linuxserver/docker-mods/blob/nginx-proxy-confs/root/defaults/ssl.conf
-
-### Mozilla Recommendations
-# generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration
-# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0-r0&config=intermediate&openssl=1.1.1g-r0&guideline=5.4
-
-ssl_session_timeout 1d;
-ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
-ssl_session_tickets off;
-
-# intermediate configuration
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-ssl_prefer_server_ciphers off;
-
-# OCSP stapling
-ssl_stapling on;
-ssl_stapling_verify on;
-
-
-### Linuxserver.io Defaults
-
-# Certificates
-ssl_certificate /config/keys/cert.crt;
-ssl_certificate_key /config/keys/cert.key;
-
-# Diffie-Hellman Parameters
-ssl_dhparam /config/nginx/dhparams.pem;
-
-# Enable TLS 1.3 early data
-ssl_early_data on;
-
-# HSTS, remove # from the line below to enable HSTS
-#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
-
-# Optional additional headers
-#add_header Cache-Control "no-transform" always;
-#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'";
-#add_header Referrer-Policy "same-origin" always;
-#add_header X-Content-Type-Options "nosniff" always;
-#add_header X-Frame-Options "SAMEORIGIN" always;
-#add_header X-UA-Compatible "IE=Edge" always;
-#add_header X-XSS-Protection "1; mode=block" always;
\ No newline at end of file
diff --git a/root/etc/cont-init.d/99-proxy-conf b/root/etc/cont-init.d/99-proxy-conf
index d4709c6..3b97794 100644
--- a/root/etc/cont-init.d/99-proxy-conf
+++ b/root/etc/cont-init.d/99-proxy-conf
@@ -5,36 +5,28 @@
 # SWAG LOGIC https://github.com/linuxserver/docker-swag/blob/master/root/etc/cont-init.d/50-config
 ###
 
+# make our folders and links
+mkdir -p \
+    /config/nginx/proxy-confs
+
+# samples are removed on init by the nginx base
+
+# copy new samples
+if [[ -d /defaults/nginx/proxy-confs/ ]]; then
+    find /defaults/nginx/proxy-confs/ \
+        -maxdepth 1 \
+        -name "*.conf.sample" \
+        -type f \
+        -exec cp "{}" /config/nginx/proxy-confs/ +
+fi
+
 # copy reverse proxy configs
-cp -R /defaults/proxy-confs /config/nginx/
+cp -R /defaults/nginx/proxy-confs /config/nginx/
 
-# copy proxy defaults
-[[ ! -f /config/nginx/proxy.conf ]] &&
-  cp /defaults/proxy.conf /config/nginx/proxy.conf
-[[ ! -f /config/nginx/ssl.conf ]] &&
-  cp /defaults/ssl.conf /config/nginx/ssl.conf
-
-# Set resolver
-if ! grep -q 'resolver' /config/nginx/resolver.conf; then
-    RESOLVER=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)
-    echo "Setting resolver to ${RESOLVER}"
-    echo -e "# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\nresolver ${RESOLVER} valid=30s;" > /config/nginx/resolver.conf
+# copy default config files if they don't exist
+if [[ ! -f /config/nginx/proxy.conf ]]; then
+    cp /defaults/nginx/proxy.conf.sample /config/nginx/proxy.conf
 fi
-
-# Set worker_processes
-if ! grep -q 'worker_processes' /config/nginx/worker_processes.conf; then
-    WORKER_PROCESSES=$(nproc)
-    echo "Setting worker_processes to ${WORKER_PROCESSES}"
-    echo -e "# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.\n\nworker_processes ${WORKER_PROCESSES};" > /config/nginx/worker_processes.conf
-fi
-
-# copy pre-generated dhparams or generate if needed
-[[ ! -f /config/nginx/dhparams.pem ]] && \
-    cp /defaults/dhparams.pem /config/nginx/dhparams.pem
-if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
-    curl -o /config/nginx/dhparams.pem -L "https://ssl-config.mozilla.org/ffdhe4096.txt"
-fi
-
 # permissions
 chown -R abc:abc \
   /config/nginx/{proxy.conf,ssl.conf,dhparams.pem,proxy-confs/}
diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-nginx-proxy-confs-setup/run b/root/etc/s6-overlay/s6-rc.d/init-mod-nginx-proxy-confs-setup/run
index d4709c6..3b97794 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-mod-nginx-proxy-confs-setup/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-mod-nginx-proxy-confs-setup/run
@@ -5,36 +5,28 @@
 # SWAG LOGIC https://github.com/linuxserver/docker-swag/blob/master/root/etc/cont-init.d/50-config
 ###
 
+# make our folders and links
+mkdir -p \
+    /config/nginx/proxy-confs
+
+# samples are removed on init by the nginx base
+
+# copy new samples
+if [[ -d /defaults/nginx/proxy-confs/ ]]; then
+    find /defaults/nginx/proxy-confs/ \
+        -maxdepth 1 \
+        -name "*.conf.sample" \
+        -type f \
+        -exec cp "{}" /config/nginx/proxy-confs/ +
+fi
+
 # copy reverse proxy configs
-cp -R /defaults/proxy-confs /config/nginx/
+cp -R /defaults/nginx/proxy-confs /config/nginx/
 
-# copy proxy defaults
-[[ ! -f /config/nginx/proxy.conf ]] &&
-  cp /defaults/proxy.conf /config/nginx/proxy.conf
-[[ ! -f /config/nginx/ssl.conf ]] &&
-  cp /defaults/ssl.conf /config/nginx/ssl.conf
-
-# Set resolver
-if ! grep -q 'resolver' /config/nginx/resolver.conf; then
-    RESOLVER=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)
-    echo "Setting resolver to ${RESOLVER}"
-    echo -e "# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\nresolver ${RESOLVER} valid=30s;" > /config/nginx/resolver.conf
+# copy default config files if they don't exist
+if [[ ! -f /config/nginx/proxy.conf ]]; then
+    cp /defaults/nginx/proxy.conf.sample /config/nginx/proxy.conf
 fi
-
-# Set worker_processes
-if ! grep -q 'worker_processes' /config/nginx/worker_processes.conf; then
-    WORKER_PROCESSES=$(nproc)
-    echo "Setting worker_processes to ${WORKER_PROCESSES}"
-    echo -e "# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.\n\nworker_processes ${WORKER_PROCESSES};" > /config/nginx/worker_processes.conf
-fi
-
-# copy pre-generated dhparams or generate if needed
-[[ ! -f /config/nginx/dhparams.pem ]] && \
-    cp /defaults/dhparams.pem /config/nginx/dhparams.pem
-if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
-    curl -o /config/nginx/dhparams.pem -L "https://ssl-config.mozilla.org/ffdhe4096.txt"
-fi
-
 # permissions
 chown -R abc:abc \
   /config/nginx/{proxy.conf,ssl.conf,dhparams.pem,proxy-confs/}