diff --git a/flake.lock b/flake.lock
index f11a738..48818fe 100644
--- a/flake.lock
+++ b/flake.lock
@@ -302,6 +302,26 @@
         "type": "github"
       }
     },
+    "nurausstieg": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722174167,
+        "narHash": "sha256-u9ef1BNaXHEnuQEFgqqBLEVZqd5T/sqRBysN71gFOKg=",
+        "ref": "refs/heads/main",
+        "rev": "7f2e0febf3a430e4ba4f6cf1cf1c5ca10c5dd04d",
+        "revCount": 20,
+        "type": "git",
+        "url": "https://git.clerie.de/clerie/nurausstieg.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.clerie.de/clerie/nurausstieg.git"
+      }
+    },
     "root": {
       "inputs": {
         "berlinerbaeder-exporter": "berlinerbaeder-exporter",
@@ -313,6 +333,7 @@
         "nixos-exporter": "nixos-exporter",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_3",
+        "nurausstieg": "nurausstieg",
         "solid-xmpp-alarm": "solid-xmpp-alarm",
         "sops-nix": "sops-nix",
         "ssh-to-age": "ssh-to-age"
diff --git a/flake.nix b/flake.nix
index af9092e..d15cd4d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,6 +27,10 @@
       url = "git+https://git.clerie.de/clerie/nixos-exporter.git";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    nurausstieg = {
+      url = "git+https://git.clerie.de/clerie/nurausstieg.git";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     solid-xmpp-alarm = {
       url = "git+https://git.clerie.de/clerie/solid-xmpp-alarm.git";
       inputs.nixpkgs.follows = "nixpkgs";
diff --git a/flake/overlay.nix b/flake/overlay.nix
index 31191a3..b1bd7e3 100644
--- a/flake/overlay.nix
+++ b/flake/overlay.nix
@@ -3,6 +3,7 @@
 , bij
 , chaosevents
 , harmonia
+, nurausstieg
 , ssh-to-age
 , ...
 }@inputs:
@@ -16,6 +17,8 @@ final: prev: {
   harmonia = harmonia.packages.${final.system}.harmonia.override {
     nixForHarmonia = final.nixVersions.nix_2_21;
   };
+  inherit (nurausstieg.packages.${final.system})
+    nurausstieg;
   inherit (ssh-to-age.packages.${final.system})
     ssh-to-age;
 }
diff --git a/hosts/web-2/configuration.nix b/hosts/web-2/configuration.nix
index 283c5be..f7567e8 100644
--- a/hosts/web-2/configuration.nix
+++ b/hosts/web-2/configuration.nix
@@ -20,6 +20,7 @@
       ./mitel-ommclient2.nix
       ./nix-install.nix
       ./nogo2024.nix
+      ./nurausstieg.nix
       ./ping.nix
       ./public.nix
       ./radicale.nix
diff --git a/hosts/web-2/nurausstieg.nix b/hosts/web-2/nurausstieg.nix
new file mode 100644
index 0000000..a3d4a2f
--- /dev/null
+++ b/hosts/web-2/nurausstieg.nix
@@ -0,0 +1,41 @@
+{ pkgs, ... }:
+
+{
+
+  systemd.tmpfiles.rules = [
+    "d /var/cache/nginx/nurausstieg - nginx nginx - -"
+  ];
+
+  services.nginx = {
+    commonHttpConfig = ''
+      proxy_cache_path /var/cache/nginx/nurausstieg levels=1:2 use_temp_path=off keys_zone=nurausstieg:1m max_size=10m;
+    '';
+
+    virtualHosts."nurausstieg.clerie.de" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://[::1]:44384";
+        extraConfig = ''
+          proxy_cache nurausstieg;
+          # Ignore upstream cache hints
+          proxy_ignore_headers Cache-Control;
+          # Force cache 200 and 500 responses for one minute
+          proxy_cache_valid 200 500 1m;
+          # Only do a single fetch for missing entries and let other sessions wait
+          proxy_cache_lock on;
+        '';
+      };
+    };
+  };
+
+  systemd.services.nurausstieg = {
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      DynamicUser = true;
+    };
+    path = with pkgs; [ nurausstieg ];
+    script = "nurausstieg --listen [::1]:44384";
+  };
+
+}