diff --git a/data/nginx-relay/nginx-staging.conf b/data/nginx-relay/nginx-staging.conf
new file mode 100644
index 0000000..ecb3ad7
--- /dev/null
+++ b/data/nginx-relay/nginx-staging.conf
@@ -0,0 +1,96 @@
+user  nginx;
+worker_processes  auto;
+
+
+events {
+    worker_connections  1024;
+}
+
+stream {
+    map $ssl_preread_server_name $name {
+        chat.staging.signal.org                 signal-service;
+        ud-chat.staging.signal.org              signal-service;
+        storage-staging.signal.org              storage-service;
+        cdn-staging.signal.org                  signal-cdn;
+        cdn2-staging.signal.org                 signal-cdn2;
+        cdn3-staging.signal.org                 signal-cdn3;
+        cdsi.staging.signal.org                 cdsi;
+        contentproxy.signal.org                 content-proxy;
+        sfu.staging.voip.signal.org             sfu;
+        svr2.staging.signal.org                 svr2;
+        updates.signal.org                      updates;
+        updates2.signal.org                     updates2;
+        backend1.svr3.staging.signal.org        svr31;
+        backend2.svr3.staging.signal.org        svr32;
+        backend3.svr3.staging.signal.org        svr33;
+        default                                 deny;
+    }
+
+    upstream signal-service {
+         server chat.staging.signal.org:443;
+    }
+
+    upstream storage-service {
+        server storage-staging.signal.org:443;
+    }
+
+    upstream signal-cdn {
+        server cdn-staging.signal.org:443;
+    }
+
+    upstream signal-cdn2 {
+        server cdn2-staging.signal.org:443;
+    }
+
+    upstream signal-cdn3 {
+        server cdn3-staging.signal.org:443;
+    }
+
+    upstream cdsi {
+        server cdsi.staging.signal.org:443;
+    }
+
+    upstream content-proxy {
+        server contentproxy.signal.org:443;
+    }
+
+    upstream sfu {
+        server sfu.staging.voip.signal.org:443;
+    }
+
+    upstream svr2 {
+        server svr2.staging.signal.org:443;
+    }
+
+    upstream svr31 {
+        server backend1.svr3.staging.signal.org:443;
+    }
+
+    upstream svr32 {
+        server backend2.svr3.staging.signal.org:443;
+    }
+
+    upstream svr33 {
+        server backend3.svr3.staging.signal.org:443;
+    }
+
+    upstream updates {
+        server updates.signal.org:443;
+    }
+
+    upstream updates2 {
+        server updates2.signal.org:443;
+    }
+
+    upstream deny {
+        server 127.0.0.1:9;
+    }
+
+    server {
+        listen                4433;
+        proxy_pass            $name;
+        ssl_preread           on;
+        error_log             /dev/null;
+        access_log            off;
+     }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index 4ac0313..d6850e4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,7 +15,7 @@ services:
     restart: unless-stopped
     volumes:
       - ./data/nginx-relay:/usr/conf.d
-    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /usr/sbin/nginx -s reload; done & /usr/sbin/nginx -c /usr/conf.d/nginx.conf -g \"daemon off;\"'"
+    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /usr/sbin/nginx -s reload; done & /usr/sbin/nginx -c /usr/conf.d/${NGINX_RELAY_CONFIG:-nginx.conf} -g \"daemon off;\"'"
   certbot:
     image: certbot/certbot
     restart: unless-stopped