diff --git a/Dockerfile b/Dockerfile
index 2ed1ce6..9411887 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,9 +4,20 @@ RUN ["apk", "update"]
 RUN ["apk", "add hugo"]
 ADD . /root/
 WORKDIR /root
-ARG WITH_COMMENTS=0
+# pass in the uri or ip of the comments api so nginx can forward to it
+ARG COMMENTS_BACKEND
+ENV COMMENTS_BACKEND=${WITH_BACKEND}
 RUN ["hugo", "--minify"]
 
-FROM nginx:1.25
+FROM python:3.11-alpine as fiddling
+RUN ["adduser", "-h", "/application", "application"]
+# might need to chown these
+ADD ./scripts/template_convert.py /application/template_convert.py
+ADD ./nginx.conf.template /application/nginx.conf.template
+WORKDIR /application
+USER application
+RUN ["python", "/application/template_convert.py"]
 
+FROM nginx:1.25
+COPY --from=fiddling /application/nginx.conf
 RUN
diff --git a/nginx.conf.template b/nginx.conf.template
new file mode 100644
index 0000000..7572587
--- /dev/null
+++ b/nginx.conf.template
@@ -0,0 +1,27 @@
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    server {
+        listen       80;
+        server_name  pagwin.xyz;
+        location / {
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+        }
+	# weird comments around this block is so we can easily yeet it if the comments backend isn't present
+	###{---
+	location /comments {
+	    # we're going to use a python program to substitute this out
+	    proxy_pass http://${{COMMENTS_BACKEND}}
+	}
+    }
diff --git a/scripts/template_convert.py b/scripts/template_convert.py
new file mode 100644
index 0000000..e69de29