diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 523072ea..2f309d99 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -26,7 +26,7 @@ http {
 sendfile_max_chunk 256k;
 tcp_nopush on;
 keepalive_requests 256;
- keepalive_timeout 3m;
+ keepalive_timeout 0;
 server_tokens off;
 msie_padding off;
@@ -104,8 +104,6 @@ http {
 listen 80 default_server backlog=4096;
 listen [::]:80 default_server backlog=4096;
- keepalive_timeout 0;
-
 # https://trac.nginx.org/nginx/ticket/2012
 location / {
 return 404;
@@ -117,8 +115,6 @@ http {
 listen [::]:80;
 server_name grapheneos.org www.grapheneos.org grapheneos.app www.grapheneos.app grapheneos.ca www.grapheneos.ca grapheneos.com www.grapheneos.com grapheneos.dev www.grapheneos.dev grapheneos.info www.grapheneos.info grapheneos.net www.grapheneos.net grapheneos.ovh www.grapheneos.ovh grapheneos.page www.grapheneos.page vanadium.app www.vanadium.app;
- keepalive_timeout 0;
-
 location /.well-known/acme-challenge/ {
 return 301 http://0.grapheneos.org$request_uri;
 }
@@ -133,8 +129,6 @@ http {
 listen [::]:80;
 server_name 0.grapheneos.org;
- keepalive_timeout 0;
-
 location /.well-known/acme-challenge/ {
 root /srv/certbot;
 }
@@ -149,8 +143,6 @@ http {
 listen [::]:443 default_server ssl http2 backlog=4096;
 ssl_reject_handshake on;
- keepalive_timeout 0;
-
 # https://trac.nginx.org/nginx/ticket/2012
 location / {
 return 404;
@@ -162,6 +154,8 @@ http {
 listen [::]:443 ssl http2;
 server_name www.grapheneos.org grapheneos.app www.grapheneos.app grapheneos.ca www.grapheneos.ca grapheneos.com www.grapheneos.com grapheneos.dev www.grapheneos.dev grapheneos.info www.grapheneos.info grapheneos.net www.grapheneos.net grapheneos.ovh www.grapheneos.ovh grapheneos.page www.grapheneos.page;
+ keepalive_timeout 3m;
+
 include snippets/security-headers.conf;
 add_header Cross-Origin-Resource-Policy "same-origin" always;
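Review bot: The new http-level `keepalive_timeout 0;` in the first hunk applies to every server block that does not set the directive itself, not only the ones touched in this commit, and nothing in the file records that keep-alive is now opt-in. Any server block outside these hunks that used to inherit `3m` will now close the connection after each response, so it is worth scanning the full configuration dump (`nginx -T`) for server blocks without their own `keepalive_timeout`. A comment on the changed line would make the intent explicit, for example `# keep-alive is off by default; content-serving server blocks opt in`.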
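Review bot: `keepalive_timeout 3m;` is now written out separately in three server blocks (this one, the `vanadium.app` block at -175/+169 and the block with the `error_page` lines at -192/+188), so the values can drift apart and a server block added later silently gets the http-level `0`. A short comment beside each occurrence, such as `# opt in to keep-alive; the http-level default is 0`, would tell the next editor why the line is there. The bodies of these server blocks continue outside the hunks, so it is not visible whether the first two only issue redirects; if they do, a shorter timeout than the main site's may be enough, since idle connections still occupy worker connection slots.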
@@ -175,6 +169,8 @@ http {
 listen [::]:443 ssl http2;
 server_name vanadium.app www.vanadium.app;
+ keepalive_timeout 3m;
+
 include snippets/security-headers.conf;
 add_header Cross-Origin-Resource-Policy "same-origin" always;
@@ -192,6 +188,8 @@ http {
 error_page 403 =404 /404;
 error_page 404 /404;
+ keepalive_timeout 3m;
+
 open_file_cache max=2048 inactive=1d;
 open_file_cache_valid 1d;