diff --git a/nginx.conf b/nginx.conf
index c0787d5..1ea1b35 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -121,8 +121,51 @@ http {
 alias /ca/ca.crt;
 }
- # @TODO: add a dynamic root path that generates instructions for usage on docker clients
- }
+ location /setup/systemd {
+ add_header "Content-type" "text/plain" always;
+ return 200 '
+set -e
+
+if [ ! -d /etc/systemd ]; then
+ echo "Not a systemd system"
+ exit 1
+fi
+
+if [[ $EUID -ne 0 ]]; then
+ echo "Must be root to change system files"
+ exit 1
+fi
+
+if [[ $(systemctl is-active --quiet docker.service) -ne 0 ]]; then
+ echo "Docker service missing"
+ exit 1
+fi
+
+mkdir -p /etc/systemd/system/docker.service.d
+cat << EOD > /etc/systemd/system/docker.service.d/http-proxy.conf
+[Service]
+Environment="HTTPS_PROXY=$scheme://$http_host/"
+EOD
+
+# Get the CA certificate from the proxy and make it a trusted root.
+curl $scheme://$http_host/ca.crt > /usr/share/ca-certificates/docker_registry_proxy.crt
+if fgrep -q "docker_registry_proxy.crt" /etc/ca-certificates.conf ; then
+ echo "certificate refreshed"
+else
+ echo "docker_registry_proxy.crt" >> /etc/ca-certificates.conf
+fi
+
+update-ca-certificates --fresh
+
+# Reload systemd
+systemctl daemon-reload
+
+# Restart dockerd
+systemctl restart docker.service
+echo "Docker configured with HTTPS_PROXY=$scheme://$http_host/"
+';
+ } # end location /setup/systemd
+ } # end server
 # The caching layer
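Review bot: The `curl $scheme://$http_host/ca.crt > /usr/share/ca-certificates/docker_registry_proxy.crt` line installs whatever body comes back as a system-wide trusted root: the URL is built from the request's scheme and Host header, so when the endpoint is reached over plain HTTP nothing authenticates the certificate, and without `-f` an error page is written into the file and `update-ca-certificates --fresh` still runs. I would change it to `curl -fsS "$scheme://$http_host/ca.crt" -o /usr/share/ca-certificates/docker_registry_proxy.crt` and have the generated script print the certificate's fingerprint so the operator can compare it with a value obtained out of band before trusting it. Separately, `[[ $(systemctl is-active --quiet docker.service) -ne 0 ]]` compares the command's (empty) output rather than its exit status, so the "Docker service missing" branch can never run; `if ! systemctl is-active --quiet docker.service; then` tests what is intended. Because nginx expands `$name` inside the `return` string, `$EUID` and `$(` are probably parsed as nginx variables rather than passed through to the shell, so this block should be checked with `nginx -t` before merging.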