diff --git a/roles/webserver-legacy/nginx/files/vhosts/hypership.space/www.conf b/roles/webserver-legacy/nginx/files/vhosts/hypership.space/www.conf
index 284bb93..2a69a2b 100644
--- a/roles/webserver-legacy/nginx/files/vhosts/hypership.space/www.conf
+++ b/roles/webserver-legacy/nginx/files/vhosts/hypership.space/www.conf
@@ -1,81 +1,99 @@
 #   -------------------------------------------------------------
 #   Webserver
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Site:           hypership.space
 #   License:        Trivial work, not eligible to copyright
 #   Source file:    roles/webserver-legacy/nginx/files/vhosts/hypership.space/www.conf
 #   -------------------------------------------------------------
 #
 #   <auto-generated>
 #       This file is managed by our rOPS SaltStack repository.
 #
 #       Changes to this file may cause incorrect behavior
 #       and will be lost if the state is redeployed.
 #   </auto-generated>
 
 #   -------------------------------------------------------------
 #   Main application
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 server {
     server_name hypership.space;
 
     include includes/tls;
     ssl_certificate /usr/local/etc/letsencrypt/live/hypership.space/fullchain.pem;
     ssl_certificate_key /usr/local/etc/letsencrypt/live/hypership.space/privkey.pem;
 
     error_log /var/log/www/hypership.space/www-error.log;
     access_log /var/log/www/hypership.space/www-access.log;
 
+    location /content {
+        return 403;
+    }
+
+    location /content/users {
+        alias /srv/zed/content/users;
+    }
+
+    location /content/scenes {
+        alias /srv/zed/content/scenes;
+
+        location ~ \.tpl$ {
+            # This folder contains templates intended to be rendered,
+            # and not directly served.
+            return 403;
+        }
+    }
+
     location / {
         return 503;
     }
 }
 
 #   -------------------------------------------------------------
 #   Redirections from port 80 and alternative domains
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 server {
     listen 80;
     listen [::]:80;
     server_name hypership.space;
 
     include includes/letsencrypt;
 
     location / {
         return 301 https://hypership.space$request_uri;
     }
 }
 
 server {
     listen 80;
     listen [::]:80;
     server_name www.hypership.space zed.dereckson.be;
 
     include includes/tls;
     ssl_certificate /usr/local/etc/letsencrypt/live/hypership.space/fullchain.pem;
     ssl_certificate_key /usr/local/etc/letsencrypt/live/hypership.space/privkey.pem;
 
     include includes/letsencrypt;
 
     location / {
         return 301 https://hypership.space$request_uri;
     }
 }
 
 #   -------------------------------------------------------------
 #   Development and staging area
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 server {
     listen 80;
     listen [::]:80;
     server_name zed51.dereckson.be;
 
     include includes/letsencrypt;
 
     location / {
        return 503;
     }
 }