diff --git a/letsencrypt/nginx/proxy-confs/drone.subdomain.conf b/letsencrypt/nginx/proxy-confs/drone.subdomain.conf
index 86727fc..d92ac6e 100644
--- a/letsencrypt/nginx/proxy-confs/drone.subdomain.conf
+++ b/letsencrypt/nginx/proxy-confs/drone.subdomain.conf
@@ -31,3 +31,41 @@ server {
 
     }
 }
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name drone-runner.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        # enable for Authelia
+        include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app drone-runner;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}