diff --git a/.nginx.conf.shared b/.nginx.conf.shared
new file mode 100644
index 0000000..f232099
--- /dev/null
+++ b/.nginx.conf.shared
@@ -0,0 +1,88 @@
+# Pass requests that don't refer directly to files in the filesystem to index.php
+location / {
+ try_files $uri $uri/ /index.php?$query_string;
+}
+
+# Forbidden Paths
+location ~* \.git {
+ return 403;
+}
+
+location ~* composer\.(lock|json)$ {
+ return 403;
+}
+
+location ~* config.php {
+ return 403;
+}
+
+location ~* flarum {
+ return 403;
+}
+
+location ~* storage/(.*)? {
+ return 403;
+}
+
+location ~* vendor/(.*)? {
+ return 403;
+}
+
+# The following directives are based on best practices from H5BP Nginx Server Configs
+# https://github.com/h5bp/server-configs-nginx
+
+# Expire rules for static content
+location ~* \.(?:manifest|appcache|html?|xml|json)$ {
+ add_header Cache-Control "max-age=0";
+}
+
+location ~* \.(?:rss|atom)$ {
+ add_header Cache-Control "max-age=3600";
+}
+
+location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
+ add_header Cache-Control "max-age=2592000";
+ access_log off;
+}
+
+location ~* \.(?:css|js)$ {
+ add_header Cache-Control "max-age=31536000";
+ access_log off;
+}
+
+location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
+ add_header Cache-Control "max-age=2592000";
+ access_log off;
+}
+
+# Gzip compression
+gzip on;
+gzip_comp_level 5;
+gzip_min_length 256;
+gzip_proxied any;
+gzip_vary on;
+gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rss+xml
+ application/vnd.geo+json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/bmp
+ image/svg+xml
+ image/x-icon
+ text/cache-manifest
+ text/css
+ text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy;
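Review bot: The deny rules in this hunk are unanchored regexes, so `location ~* flarum` rejects every URI that merely contains the word (a discussion slug such as `/d/12-flarum-tips`), and `storage/(.*)?` and `vendor/(.*)?` do the same for any route containing `storage/` or `vendor/`; because regex locations take precedence over the `location /` prefix block, such requests never reach `index.php`. The Apache rules in the sibling `public/.htaccess.shared` anchor the same patterns (`^flarum$`, `^storage/(.*)?$`), so the two configs currently disagree on what is forbidden. Anchor the patterns to the path root and escape the literal dot: `location ~* ^/config\.php$ {`, `location ~* ^/flarum$ {`, `location ~* ^/(storage|vendor)/ {`. The `\.git` rule can stay unanchored, since a `.git` directory anywhere under the web root is what it is meant to catch.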
diff --git a/public/.htaccess.shared b/public/.htaccess.shared
new file mode 100644
index 0000000..67e221e
--- /dev/null
+++ b/public/.htaccess.shared
@@ -0,0 +1,128 @@
+
+ RewriteEngine on
+
+ # Ensure the Authorization HTTP header is available to PHP
+ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+ RewriteRule /\.git / [F,L]
+ RewriteRule ^composer\.(lock|json)$ / [F,L]
+ RewriteRule ^config.php$ / [F,L]
+ RewriteRule ^flarum$ / [F,L]
+ RewriteRule ^storage/(.*)?$ / [F,L]
+ RewriteRule ^vendor/(.*)?$ / [F,L]
+
+ # Pass requests that don't refer directly to files in the filesystem to index.php
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule ^ index.php [QSA,L]
+
+
+# Disable directory listings
+Options -Indexes
+
+# MultiViews can mess up our rewriting scheme
+Options -MultiViews
+
+# The following directives are based on best practices from H5BP Apache Server Configs
+# https://github.com/h5bp/server-configs-apache
+
+# Expire rules for static content
+
+ ExpiresActive on
+ ExpiresDefault "access plus 1 month"
+ ExpiresByType text/css "access plus 1 year"
+ ExpiresByType application/atom+xml "access plus 1 hour"
+ ExpiresByType application/rdf+xml "access plus 1 hour"
+ ExpiresByType application/rss+xml "access plus 1 hour"
+ ExpiresByType application/json "access plus 0 seconds"
+ ExpiresByType application/ld+json "access plus 0 seconds"
+ ExpiresByType application/schema+json "access plus 0 seconds"
+ ExpiresByType application/vnd.geo+json "access plus 0 seconds"
+ ExpiresByType application/vnd.api+json "access plus 0 seconds"
+ ExpiresByType application/xml "access plus 0 seconds"
+ ExpiresByType text/calendar "access plus 0 seconds"
+ ExpiresByType text/xml "access plus 0 seconds"
+ ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
+ ExpiresByType image/x-icon "access plus 1 week"
+ ExpiresByType text/html "access plus 0 seconds"
+ ExpiresByType application/javascript "access plus 1 year"
+ ExpiresByType application/x-javascript "access plus 1 year"
+ ExpiresByType text/javascript "access plus 1 year"
+ ExpiresByType application/manifest+json "access plus 1 week"
+ ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
+ ExpiresByType text/cache-manifest "access plus 0 seconds"
+ ExpiresByType text/markdown "access plus 0 seconds"
+ ExpiresByType audio/ogg "access plus 1 month"
+ ExpiresByType image/bmp "access plus 1 month"
+ ExpiresByType image/gif "access plus 1 month"
+ ExpiresByType image/jpeg "access plus 1 month"
+ ExpiresByType image/png "access plus 1 month"
+ ExpiresByType image/svg+xml "access plus 1 month"
+ ExpiresByType image/webp "access plus 1 month"
+ ExpiresByType video/mp4 "access plus 1 month"
+ ExpiresByType video/ogg "access plus 1 month"
+ ExpiresByType video/webm "access plus 1 month"
+ ExpiresByType application/wasm "access plus 1 year"
+ ExpiresByType font/collection "access plus 1 month"
+ ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
+ ExpiresByType font/eot "access plus 1 month"
+ ExpiresByType font/opentype "access plus 1 month"
+ ExpiresByType font/otf "access plus 1 month"
+ ExpiresByType application/x-font-ttf "access plus 1 month"
+ ExpiresByType font/ttf "access plus 1 month"
+ ExpiresByType application/font-woff "access plus 1 month"
+ ExpiresByType application/x-font-woff "access plus 1 month"
+ ExpiresByType font/woff "access plus 1 month"
+ ExpiresByType application/font-woff2 "access plus 1 month"
+ ExpiresByType font/woff2 "access plus 1 month"
+ ExpiresByType text/x-cross-domain-policy "access plus 1 week"
+
+
+# Gzip compression
+
+
+ AddOutputFilterByType DEFLATE "application/atom+xml" \
+ "application/javascript" \
+ "application/json" \
+ "application/ld+json" \
+ "application/manifest+json" \
+ "application/rdf+xml" \
+ "application/rss+xml" \
+ "application/schema+json" \
+ "application/vnd.geo+json" \
+ "application/vnd.ms-fontobject" \
+ "application/wasm" \
+ "application/x-font-ttf" \
+ "application/x-javascript" \
+ "application/x-web-app-manifest+json" \
+ "application/xhtml+xml" \
+ "application/xml" \
+ "font/collection" \
+ "font/eot" \
+ "font/opentype" \
+ "font/otf" \
+ "font/ttf" \
+ "image/bmp" \
+ "image/svg+xml" \
+ "image/vnd.microsoft.icon" \
+ "image/x-icon" \
+ "text/cache-manifest" \
+ "text/calendar" \
+ "text/css" \
+ "text/html" \
+ "text/javascript" \
+ "text/plain" \
+ "text/markdown" \
+ "text/vcard" \
+ "text/vnd.rim.location.xloc" \
+ "text/vtt" \
+ "text/x-component" \
+ "text/x-cross-domain-policy" \
+ "text/xml"
+
+
+
+# Fix for https://httpoxy.org vulnerability
+
+ RequestHeader unset Proxy
+
diff --git a/public/index.php.shared b/public/index.php.shared
new file mode 100644
index 0000000..80e5094
--- /dev/null
+++ b/public/index.php.shared
@@ -0,0 +1,26 @@
+listen();
diff --git a/site.php.shared b/site.php.shared
new file mode 100644
index 0000000..6b45da3
--- /dev/null
+++ b/site.php.shared
@@ -0,0 +1,50 @@
+ __DIR__,
+ 'public' => __DIR__,
+ 'storage' => __DIR__.'/storage',
+]);
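Review bot: `RewriteRule ^config.php$ / [F,L]` leaves the dot unescaped although the `composer\.(lock|json)` rule directly above escapes it; write `RewriteRule ^config\.php$ - [F,L]` so only the literal filename is matched (`-` is the conventional substitution, since `[F]` discards it anyway). The rewrite, expires, deflate and headers blocks appear to sit inside `<IfModule>` conditionals whose tags did not survive rendering; if so, a host without mod_rewrite serves `config.php`, `storage/` and `vendor/` unguarded and one without mod_headers lets the `Proxy` header through, which deserves a comment at the top of the file stating that mod_rewrite and mod_headers are required for this layout rather than optional. The httpoxy comment would carry more for the next maintainer as `# CGI/FPM expose a client-supplied "Proxy" request header to PHP as HTTP_PROXY, which HTTP client libraries honour as an outbound proxy; drop it (https://httpoxy.org)`.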
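Review bot: `'public' => __DIR__` combined with `'storage' => __DIR__.'/storage'` places the storage tree directly under the document root, so its contents are reachable by URL unless the deny rules shipped in `.nginx.conf.shared` and `public/.htaccess.shared` are actually installed and loaded on the host. That dependency is worth a comment beside the paths array, e.g. `// storage/ sits under the web root in this layout and is protected only by the bundled nginx/.htaccess deny rules; deploy those together with this file`. The start of this hunk did not survive rendering, so the call that receives this array is not visible here.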