diff --git a/.infra/files/nginx.conf b/.infra/files/nginx.conf
index cf65da0..cdd6848 100644
--- a/.infra/files/nginx.conf
+++ b/.infra/files/nginx.conf
@@ -2,33 +2,6 @@ server {
     listen 80 default_server;
     listen [::]:80 default_server ipv6only=on;
 
-    listen 443 ssl;
-    listen [::]:443 ipv6only=on ssl;
-
-    ssl_certificate         /etc/letsencrypt/live/master.tus.io/fullchain.pem;
-    ssl_certificate_key     /etc/letsencrypt/live/master.tus.io/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/master.tus.io/fullchain.pem;
-
-    # Load custom parameters for Diffie Hellman key exchange to avoid the usage
-    # of common primes
-    ssl_dhparam /etc/nginx/dhparams.pem;
-
-    # Enable OCSP stapling which allows clients to verify that our certificate
-    # is not revoked without contacting the Certificate Authority by appending a
-    # CA-signed promise, that it's still valid, to the TLS handshake response.
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    # Enable SSL session cache to reduce overhead of TLS handshake. Allow nginx
-    # workers to use 5MB of memory for caching but disable session tickets as
-    # there is currently no easy way to rotate the ticket key which is not in
-    # sync with the ideals of Perfect Forward Secrecy.
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:5m;
-    ssl_session_tickets off;
-
-    server_name master.tus.io;
-
     # certbot will place the files required for the HTTP challenge in the
     # webroot under the .well-known/acme-challenge directory. Therefore we must
     # make this path publicly accessible.
diff --git a/.infra/files/tusd_linux_amd64.tar.gz b/.infra/files/tusd_linux_amd64.tar.gz
new file mode 100644
index 0000000..13506ed
Binary files /dev/null and b/.infra/files/tusd_linux_amd64.tar.gz differ