diff --git a/docker-compose.yml b/docker-compose.yml
index 64866bf..4969ee2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -46,10 +46,9 @@ services:
 mem_limit: 256m
 proxy:
- image: alfresco/alfresco-acs-nginx:3.0.2
- environment:
- REPO_URL: "http://platform:8080"
- depends_on:
- - platform
+ build: ./nginx-ingress
+ image: local/nginx-ingress:acs
 ports:
 - 8080:8080
+ depends_on:
+ - platform
diff --git a/nginx-ingress/Dockerfile b/nginx-ingress/Dockerfile
new file mode 100644
index 0000000..c00e373
--- /dev/null
+++ b/nginx-ingress/Dockerfile
@@ -0,0 +1,8 @@
+FROM nginx:stable-alpine
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+COPY entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/nginx-ingress/entrypoint.sh b/nginx-ingress/entrypoint.sh
new file mode 100644
index 0000000..3dc2e8e
--- /dev/null
+++ b/nginx-ingress/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [[ $ACS_PLATFORM_URL ]]; then
+ sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
+fi
+
+if [[ $ACCESS_LOG ]]; then
+ sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
+fi
+
+nginx -g "daemon off;"
diff --git a/nginx-ingress/nginx.conf b/nginx-ingress/nginx.conf
new file mode 100644
index 0000000..0bbab22
--- /dev/null
+++ b/nginx-ingress/nginx.conf
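Review bot: In `nginx-ingress/Dockerfile`, `FROM nginx:stable-alpine` is a floating tag, so the proxy image can change on every rebuild, whereas the compose entry it replaces was pinned to `alfresco/alfresco-acs-nginx:3.0.2`. Pinning an exact version and digest keeps rebuilds reproducible and turns a base-image update into a reviewed change, for example `FROM nginx:<version>-alpine@sha256:<digest>` (placeholders, to be filled from the registry). No `USER` is set either, so the container keeps the base image's default user, presumably root for the nginx master process, although a listener on 8080 does not need a privileged port. Switching to a non-root user would require `/etc/nginx/nginx.conf` to stay writable for the `sed -i` calls in `entrypoint.sh`.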
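Review bot: In `nginx-ingress/entrypoint.sh`, `ACS_PLATFORM_URL` and `ACCESS_LOG` are pasted into a sed program and from there into `/etc/nginx/nginx.conf` without any check, so a value containing `%`, `&`, `\`, `;` or a newline either breaks the substitution or adds nginx directives the operator did not intend. Because the script has no `set -e`, a failed `sed` still starts nginx with the default upstream. The script would be safer if it rejected values outside an allowlist before the first `sed`, stopped on errors, and started nginx with `exec` so that the server rather than the shell is PID 1 and receives the stop signal from the container runtime. The `[[ … ]]` tests are not POSIX `sh`; `[ -n "${VAR:-}" ]` does the same without shell extensions. The allowlist below is a starting point and should be widened to the log targets this deployment really uses.

```shell
#!/bin/sh
set -e

# Values are spliced into a sed program and into nginx.conf: allow only
# characters that cannot end the replacement or the directive early.
for value in "${ACS_PLATFORM_URL:-}" "${ACCESS_LOG:-}"; do
    case "$value" in
        *[!A-Za-z0-9_./:,\ =-]*)
            echo "entrypoint: unsupported character in ACS_PLATFORM_URL or ACCESS_LOG" >&2
            exit 1
            ;;
    esac
done

if [ -n "${ACS_PLATFORM_URL:-}" ]; then
    # … unchanged: sed substitution of the upstream URL …
fi

if [ -n "${ACCESS_LOG:-}" ]; then
    # … unchanged: sed substitution of the access_log directive …
fi

exec nginx -g "daemon off;"
```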
@@ -0,0 +1,51 @@
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ server {
+ listen *:8080;
+
+ client_max_body_size 0;
+
+ set $allowOriginSite *;
+ proxy_pass_request_headers on;
+ proxy_pass_header Set-Cookie;
+
+ # External settings, do not remove
+ #ENV_ACCESS_LOG
+
+ proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_set_header Host $host:$server_port;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass_header Set-Cookie;
+
+ # Protect access to SOLR APIs
+ location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
+ location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
+ location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
+ location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
+
+ location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
+ location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
+
+ # Protect access to Prometheus endpoint
+ location ~ ^(/.*/s/prometheus)$ {return 403;}
+
+ location / {
+ proxy_pass http://platform:8080;
+ }
+
+ location /alfresco/ {
+ proxy_pass http://platform:8080;
+
+ # If using external proxy / load balancer (for initial redirect if no trailing slash)
+ absolute_redirect off;
+ }
+ }
+}
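Review bot: The Prometheus rule near the end of the deny list covers only the `/s/` path, while the SOLR rules above it list four prefixes (`service`, `s`, `wcservice`, `wcs`) that appear to be aliases for the same web-script servlet; if the metrics endpoint is reachable through the other three, those requests still fall through to `location /`. One rule can cover all of them, for example `location ~ ^/.*/(service|s|wcservice|wcs)/prometheus$ {return 403;}`. More generally these rules are a denylist evaluated on nginx's view of the path, and the servlet container behind it may not normalise a URI the same way, so the repository should keep its own protection on the SOLR API (the `solr.secureComms` setting) rather than rely on the proxy alone. `client_max_body_size 0;` also removes the request-size limit for every location, which deserves a comment saying it is deliberate.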