diff --git a/chef/cookbooks/common/files/default/iptables b/chef/cookbooks/common/files/default/iptables
index 7fa13a0aa..345df7a19 100644
--- a/chef/cookbooks/common/files/default/iptables
+++ b/chef/cookbooks/common/files/default/iptables
@@ -16,7 +16,7 @@
 #HTTPS
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT  
 #Resque-Web
--A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5678 -j ACCEPT  
+-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7894 -j ACCEPT  
 #Websocket
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT 
 #Crossdomain policy file for Flash sockets
diff --git a/chef/cookbooks/common/templates/default/nginx.conf.erb b/chef/cookbooks/common/templates/default/nginx.conf.erb
index e294d4907..c06963b53 100644
--- a/chef/cookbooks/common/templates/default/nginx.conf.erb
+++ b/chef/cookbooks/common/templates/default/nginx.conf.erb
@@ -36,6 +36,10 @@ http {
   <% end %>
   }
 
+  upstream resque_web {
+    server localhost:5678;
+  }
+
   server {
    listen       843;
 
@@ -51,6 +55,23 @@ http {
 
   }
 
+  server {
+   listen  7894;
+   server_name  <%= @url %>  www.<%= @url %>;
+
+   auth_basic "Restricted";
+   auth_basic_user_file  htpasswd;
+
+   ssl on;
+   ssl_certificate      /usr/local/nginx/conf/diaspora.crt;
+   ssl_certificate_key  /usr/local/nginx/conf/diaspora.key;
+
+   location / {
+      proxy_set_header Host $http_host;
+      proxy_pass http://resque_web;
+   }
+  }
+
   server {
    listen       80;
    server_name  <%= @url %>  www.<%= @url %>;