diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls --- a/pillar/paas/docker.sls +++ b/pillar/paas/docker.sls @@ -30,4 +30,7 @@ docker_containers: equatower: - - jenkins # CD + # CD + jenkins: + host: cd.nasqueron.org + app_port: 38080 diff --git a/roles/paas-docker/containers/init.sls b/roles/paas-docker/containers/init.sls --- a/roles/paas-docker/containers/init.sls +++ b/roles/paas-docker/containers/init.sls @@ -6,7 +6,7 @@ # License: Trivial work, not eligible to copyright # ------------------------------------------------------------- -{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], []) %} +{% set containers = salt['node.filter_by_name']('docker_containers') %} include: {% for container in containers %} diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls new file mode 100644 --- /dev/null +++ b/roles/paas-docker/nginx/config.sls 
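Review bot: In pillar/paas/docker.sls, `app_port: 38080` is the port the new jenkins vhost proxies to (`proxy_pass http://localhost:{{ app_port }}`), but nothing visible in this commit shows how the container publishes that port. If the Docker state maps it on all interfaces, Jenkins would also be reachable over plain HTTP on 38080, bypassing the TLS front-end. Confirm the port is published on 127.0.0.1 only and record that next to the value, e.g. `app_port: 38080 # published on 127.0.0.1 only, fronted by nginx`. The `docker_containers` mapping continues outside this hunk, so other nodes' entries were not reviewed.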
@@ -0,0 +1,40 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2018-03-16
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], {}) %}
+
+# -------------------------------------------------------------
+# includes folder
+#
+# :: general configuration
+# :: application-specific code
+# -------------------------------------------------------------
+
+{{ dirs.etc }}/nginx/includes:
+ file.recurse:
+ - source: salt://roles/paas-docker/nginx/files/includes
+ - dir_mode: 755
+ - file_mode: 644
+
+# -------------------------------------------------------------
+# vhosts folder
+# -------------------------------------------------------------
+
+{% for container, args in containers.items() %}
+
+{{ dirs.etc }}/nginx/vhosts/{{ container }}.conf:
+ file.managed:
+ - source: salt://roles/paas-docker/nginx/files/vhosts/{{ container }}.conf
+ - mode: 644
+ - template: jinja
+ - context:
+ fqdn: {{ args['host'] }}
+ app_port: {{ args['app_port'] }}
+
+{% endfor %}
diff --git a/roles/paas-docker/nginx/files/includes/letsencrypt b/roles/paas-docker/nginx/files/includes/letsencrypt
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/includes/letsencrypt
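Review bot: In roles/paas-docker/nginx/config.sls the vhost loop indexes `args['host']` and `args['app_port']` with no presence check, so any container entry that lacks those keys, or a node whose entry is still a plain list, fails the whole render at `containers.items()`. A guard such as `{% if args.host is defined and args.app_port is defined %}` around the `file.managed` block would limit vhosts to containers that declare a front-end. The state also still reads `salt['pillar.get']('docker_containers:' + grains['id'], {})`, while containers/init.sls switched to `salt['node.filter_by_name']('docker_containers')` in this same commit; using one lookup in both places keeps the two roles agreeing on which containers exist. No state visible here validates or reloads nginx after the files change, and the header comment still reads "Provision Docker engine".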
@@ -0,0 +1,20 @@
+# -------------------------------------------------------------
+# Configuration for Let's encrypt nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2016-01-05
+# Description: Get SSL certificates from Let's encrypt
+# Source file: roles/paas-docker/nginx/files/includes/letsencrypt
+# -------------------------------------------------------------
+#
+#
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+#
+
+ location /.well-known/acme-challenge {
+ default_type text/plain;
+ root /data/letsencrypt/www;
+ }
diff --git a/roles/paas-docker/nginx/files/includes/proxy_params b/roles/paas-docker/nginx/files/includes/proxy_params
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/includes/proxy_params
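Review bot: In includes/letsencrypt, `location /.well-known/acme-challenge` is a plain prefix match with no trailing slash, so it also matches sibling paths such as `/.well-known/acme-challenge-old`, and a regex location in an including vhost would take precedence over it. `location ^~ /.well-known/acme-challenge/ {` pins the match to the challenge directory and stops regex locations from overriding it. The webroot is `/data/letsencrypt/www` while the jenkins vhost reads certificates from `/srv/letsencrypt/etc/live/...`; if that split is intentional, a one-line comment saying which tree the ACME client writes to would help.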
@@ -0,0 +1,48 @@
+# -------------------------------------------------------------
+# Configuration for Nasqueron web sites
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2018-03-16
+# Project: Nasqueron
+# Description: nginx proxy configuration
+# License: Trivial work, not eligible for copyright.
+# Source file: roles/paas-docker/nginx/files/includes/proxy_params
+# -------------------------------------------------------------
+#
+#
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+#
+
+proxy_redirect off;
+
+# -------------------------------------------------------------
+# Headers
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# -------------------------------------------------------------
+# Maximum upload size
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+client_max_body_size 10m;
+client_body_buffer_size 128k;
+
+# -------------------------------------------------------------
+# Other proxy parameters
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+
+proxy_buffer_size 4k;
+proxy_buffers 4 32k;
+proxy_busy_buffers_size 64k;
+proxy_temp_file_write_size 64k;
diff --git a/roles/paas-docker/nginx/files/vhosts/jenkins.conf b/roles/paas-docker/nginx/files/vhosts/jenkins.conf
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/vhosts/jenkins.conf
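Review bot: In includes/proxy_params, `proxy_set_header Host $http_host;` forwards the client's raw Host header to every backend that includes this file. `proxy_set_header Host $host;` passes nginx's normalised value instead, which falls back to the matched server name when the header is absent, and that is the safer default for applications that build absolute URLs from it. `X-Forwarded-For` is set from `$proxy_add_x_forwarded_for`, which appends to whatever the client sent, so a comment here should tell backends to take the client address from `X-Real-IP` or only the last `X-Forwarded-For` entry.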
@@ -0,0 +1,45 @@
+# -------------------------------------------------------------
+# Configuration for Docker PaaS front-end nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckso
+# Created: 2018-03-12
+# Source file: roles/paas-docker/nginx/files/vhosts/jenkins.conf
+# -------------------------------------------------------------
+#
+#
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+#
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ fqdn }};
+
+ include includes/letsencrypt;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ server_name {{ fqdn }};
+
+ include includes/tls;
+ ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem;
+ ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem;
+
+ location / {
+ proxy_redirect http:// https://;
+ proxy_pass http://localhost:{{ app_port }};
+
+ include includes/proxy_params;
+
+ # Required for new HTTP-based CLI
+ # https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
+ proxy_http_version 1.1;
+ proxy_request_buffering off;
+ proxy_buffering off; # Required for HTTP-based CLI to work over SSL
+ }
+}
diff --git a/roles/paas-docker/containers/init.sls b/roles/paas-docker/nginx/init.sls
copy from roles/paas-docker/containers/init.sls
copy to roles/paas-docker/nginx/init.sls
--- a/roles/paas-docker/containers/init.sls
+++ b/roles/paas-docker/nginx/init.sls
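Review bot: In vhosts/jenkins.conf, the port-80 server's `return 301 https://$host$request_uri;` sits at server level, where it runs before location matching, so the ACME location from `includes/letsencrypt` is never served. The challenge request is redirected to the TLS server, which has no ACME location and proxies it to Jenkins, so renewals would likely fail. Scoping the redirect as `location / { return 301 https://$host$request_uri; }` leaves the challenge path reachable over HTTP. In the TLS server, `proxy_redirect http:// https://;` is followed by `include includes/proxy_params;`, which sets `proxy_redirect off;` in the same location; I would expect `nginx -t` to reject that pair as a duplicate, so one of them should go. The block also depends on `includes/tls`, which this commit does not add and which presumably carries the `listen 443 ssl` lines; confirm it is deployed alongside the other includes.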
@@ -2,13 +2,9 @@ # Salt — Provision Docker engine # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron -# Created: 2018-03-11 +# Created: 2018-03-16 # License: Trivial work, not eligible to copyright # ------------------------------------------------------------- -{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], []) %} - include: -{% for container in containers %} - - .{{ container }} -{% endfor %} + - .config
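Review bot: The header of the new roles/paas-docker/nginx/init.sls still reads `# Salt — Provision Docker engine`, carried over from the containers role it was copied from; config.sls in this commit has the same title. Since this role deploys the TLS-terminating front-end, a title such as `# Salt — Provision nginx front-end for Docker containers` would make it easier to find when auditing what is exposed on ports 80/443.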