diff --git a/build/Dockerfile-control b/build/Dockerfile-control
index 17afd01..9e426c0 100644
--- a/build/Dockerfile-control
+++ b/build/Dockerfile-control
@@ -55,7 +55,7 @@ COPY tmp/admin/apply-boulder /opt/labca/
 COPY tmp/admin/static /opt/staging/static
 COPY tmp/admin/data /opt/staging/data
 COPY tmp/nginx.conf /opt/staging/
-COPY tmp/proxy.conf /opt/staging/
+COPY tmp/proxy.inc /opt/staging/
 COPY tmp/admin/apply-nginx /opt/labca/
 
 COPY tmp/bin/boulder /opt/boulder/bin/
diff --git a/build/build.sh b/build/build.sh
index 288ed04..384de27 100755
--- a/build/build.sh
+++ b/build/build.sh
@@ -40,7 +40,7 @@ BASEDIR=/go/src/github.com/letsencrypt/boulder
 docker run -v $boulderDir:$BASEDIR:cached -v $TMP_DIR/bin:$BASEDIR/bin -w $BASEDIR -e BUILD_HOST=$BUILD_HOST $BUILD_IMAGE sh -c "git config --global --add safe.directory $BASEDIR && make build"
 
 cp $cloneDir/nginx.conf $TMP_DIR/
-cp $cloneDir/proxy.conf $TMP_DIR/
+cp $cloneDir/proxy.inc $TMP_DIR/
 cp $cloneDir/utils/nameidtool.go $TMP_DIR/
 cp -rp $cloneDir/gui/* $TMP_DIR/admin/
 head -13 $cloneDir/gui/setup.sh > $TMP_DIR/admin/setup.sh
diff --git a/control_do.sh b/control_do.sh
index 044f28e..76f8246 100755
--- a/control_do.sh
+++ b/control_do.sh
@@ -46,7 +46,7 @@ setup_boulder_data() {
 setup_nginx_data() {
     rm -f /etc/nginx/conf.d/default.conf
     cp -p /opt/staging/nginx.conf /etc/nginx/conf.d/labca.conf
-    cp -p /opt/staging/proxy.conf /etc/nginx/conf.d/proxy.conf
+    cp -p /opt/staging/proxy.inc /etc/nginx/conf.d/proxy.inc
     [ -e /opt/boulder/labca/setup_complete ] && perl -i -p0e 's/\n    # BEGIN temporary redirect\n    location = \/ \{\n        return 302 \/admin\/;\n    }\n    # END temporary redirect\n//igs' /etc/nginx/conf.d/labca.conf || true
 
     cd /var/www/html
diff --git a/install b/install
index b8fb3e8..283ddb2 100755
--- a/install
+++ b/install
@@ -479,7 +479,7 @@ static_web() {
     [ -d /home/labca/nginx_data/conf.d ] || mkdir -p /home/labca/nginx_data/conf.d
     [ -d /home/labca/nginx_data/ssl ] || mkdir -p /home/labca/nginx_data/ssl
     cp $cloneDir/nginx.conf /home/labca/nginx_data/conf.d/labca.conf
-    cp $cloneDir/proxy.conf /home/labca/nginx_data/conf.d/proxy.conf
+    cp $cloneDir/proxy.inc /home/labca/nginx_data/conf.d/proxy.inc
     if [ -f "$boulderLabCADir/setup_complete" ]; then
         perl -i -p0e 's/\n    # BEGIN temporary redirect\n    location = \/ \{\n        return 302 \/admin\/;\n    }\n    # END temporary redirect\n//igs' /home/labca/nginx_data/conf.d/labca.conf
     fi
diff --git a/nginx.conf b/nginx.conf
index bb055b1..8a0e507 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,3 +1,6 @@
+# Include any custom http context settings from custom-base.inc if that file exists
+include conf.d/custom-base[.]inc;
+
 server {
     listen [::]:80 default_server ipv6only=off;
     server_name _;
@@ -6,6 +9,9 @@ server {
     root /var/www/html;
     index index.html index.htm index.nginx-debian.html;
 
+    # Include any custom plain-HTTP server context settings from custom.inc if that file exists
+    include conf.d/custom[.]inc;
+
     location /admin/ {
         return 301 https://$host$request_uri;
     }
@@ -15,7 +21,7 @@ server {
     }
 
     location /aia/issuer {
-        include conf.d/proxy.conf;
+        include conf.d/proxy.inc;
         proxy_pass http://boulder:4001;
     }
 
@@ -24,7 +30,7 @@ server {
     }
 
     location /ocsp {
-        include conf.d/proxy.conf;
+        include conf.d/proxy.inc;
         proxy_pass http://boulder:4002/;
     }
 
@@ -48,6 +54,9 @@ server {
     root /var/www/html;
     index index.html index.htm index.nginx-debian.html;
 
+    # Include any custom HTTPS server context settings from custom-ssl.inc if that file exists
+    include conf.d/custom-ssl[.]inc;
+
     location ~ ^/admin/static/(.+) {
         alias /var/www/html/$1;
     }
@@ -57,14 +66,14 @@ server {
     }
 
     location /admin/ {
-        include conf.d/proxy.conf;
+        include conf.d/proxy.inc;
         proxy_set_header X-Request-Base "/admin";
         proxy_pass http://gui:3000/;
         error_page 502 504 /502.html;
     }
 
     location /admin/ws {
-        include conf.d/proxy.conf;
+        include conf.d/proxy.inc;
         proxy_set_header X-Request-Base "/admin";
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
@@ -72,27 +81,27 @@ server {
     }
 
     location /acme/ {
-        include conf.d/proxy.conf;
+        include conf.d/proxy.inc;
         proxy_pass http://boulder:4001;
     }
 
     location /directory {
-        include conf.d/proxy.conf;
+        include conf.d/proxy.inc;
         proxy_pass http://boulder:4001;
     }
 
     location /build {
-        include conf.d/proxy.conf;
+        include conf.d/proxy.inc;
         proxy_pass http://boulder:4001;
     }
 
     location /aia/issuer {
-        include conf.d/proxy.conf;
+        include conf.d/proxy.inc;
         proxy_pass http://boulder:4001;
     }
 
-    location /ocsp/ {
-        include conf.d/proxy.conf;
+    location /ocsp {
+        include conf.d/proxy.inc;
         proxy_pass http://boulder:4002/;
     }
 
diff --git a/proxy.conf b/proxy.inc
similarity index 100%
rename from proxy.conf
rename to proxy.inc