diff --git a/seed/nginx-common/dictionaries/21_nginx.xml b/seed/nginx-common/dictionaries/21_nginx.xml
index 0ab1a52..0d34c37 100644
--- a/seed/nginx-common/dictionaries/21_nginx.xml
+++ b/seed/nginx-common/dictionaries/21_nginx.xml
@@ -11,8 +11,8 @@
       <file engine="none" source="sysusers.nginx.conf" filelist="nginx_fedora">/sysusers.d/nginx.conf</file>
       <file source="tmpfiles.nginx.conf">/tmpfiles.d/nginx.conf</file>
       <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
-      <file filelist="nginx_default_https" mode="600">/etc/pki/tls/certs/nginx.crt</file>
-      <file filelist="nginx_default_https" mode="600">/etc/pki/tls/private/nginx.key</file>
+      <file file_type="variable" filelist="nginx_default_https" mode="600" source="nginx.crt">revprox_crt_file</file>
+      <file file_type="variable" filelist="nginx_default_https" mode="600" source="nginx.key">revprox_key_file</file>
       <file>/tests/nginx-common.yml</file>
     </service>
   </services>
@@ -38,6 +38,10 @@
         <value>32</value>
       </variable>
       <variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
+      <variable name="revprox_crt_file" type="filename" description="Reverse proxy cert filename" hidden="True"/>
+      <variable name="revprox_key_file" type="filename" description="Reverse proxy key filename" hidden="True"/>
+      <variable name="nginx_owner" type="unix_user" description="Nginx process owner" mandatory="True" hidden="True"/>
+      <variable name="nginx_group" type="unix_user" description="Nginx process group" mandatory="True" hidden="True"/>
     </family>
   </variables>
   <constraints>
@@ -45,8 +49,6 @@
       <param>Fedora</param>
       <target type="filelist">nginx_fedora</target>
       <target>nginx_default</target>
-      <target>nginx_default_http</target>
-      <target>nginx_default_https</target>
     </condition>
     <condition name="disabled_if_in" source="nginx_default">
       <param type="nil"/>
@@ -62,5 +64,31 @@
       <param name="join">/</param>
       <target>revprox_ca_file</target>
     </fill>
+    <fill name="calc_value">
+      <param type="variable">tls_cert_directory</param>
+      <param>nginx.crt</param>
+      <param name="join">/</param>
+      <target>revprox_crt_file</target>
+    </fill>
+    <fill name="calc_value">
+      <param type="variable">tls_key_directory</param>
+      <param>nginx.key</param>
+      <param name="join">/</param>
+      <target>revprox_key_file</target>
+    </fill>
+    <fill name="calc_value">
+      <param>nginx</param>
+      <param name="default">www-data</param>
+      <param name="condition" type="variable">os_name</param>
+      <param name="expected">Fedora</param>
+      <target>nginx_owner</target>
+    </fill>
+    <fill name="calc_value">
+      <param>nginx</param>
+      <param name="default">adm</param>
+      <param name="condition" type="variable">os_name</param>
+      <param name="expected">Fedora</param>
+      <target>nginx_group</target>
+    </fill>
   </constraints>
 </rougail>
diff --git a/seed/nginx-common/templates/nginx.conf b/seed/nginx-common/templates/nginx.conf
index b8cf422..ddb9d6e 100644
--- a/seed/nginx-common/templates/nginx.conf
+++ b/seed/nginx-common/templates/nginx.conf
@@ -27,11 +27,9 @@ events {
 }
 
 http {
-%if %%os_name == 'Fedora'
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
-%end if
     #GNUNUX    access_log  /var/log/nginx/access.log  main;
     #>GNUNUX
     access_log syslog:server=unix:/dev/log combined;
@@ -51,8 +49,7 @@ http {
     # See http://nginx.org/en/docs/ngx_core_module.html#include
     # for more information.
     include /etc/nginx/conf.d/*.conf;
-%if %%os_name == 'Fedora'
- %if %%nginx_default_http
+%if %%nginx_default_http
     server {
         listen       80;
         listen       [::]:80;
@@ -70,36 +67,38 @@ http {
         location = /50x.html {
         }
     }
- %end if
+%end if
 # Settings for a TLS enabled server.
 #
- %if %%nginx_default_https
+%if %%nginx_default_https
     server {
         listen       443 ssl http2;
-  %if %%getVar('revprox_client_external_domainnames', None)
-   %for %%domain in %%revprox_client_external_domainnames
+ %if %%getVar('revprox_client_external_domainnames', None)
+  %for %%domain in %%revprox_client_external_domainnames
         server_name %%domain;
-   %end for
-  %else
+  %end for
+ %else
         server_name  _;
-  %end if
+ %end if
         root         %%nginx_root;
 
         # ssl_certificate "/etc/pki/nginx/server.crt";
         # ssl_certificate_key "/etc/pki/nginx/private/server.key";
-        ssl_certificate              /etc/pki/tls/certs/nginx.crt;
-        ssl_certificate_key          /etc/pki/tls/private/nginx.key;
-  %if %%getVar('revprox_client_external_domainnames', None)
+        ssl_certificate              %%revprox_crt_file;
+        ssl_certificate_key          %%revprox_key_file;
+ %if %%getVar('revprox_client_external_domainnames', None)
         ssl_client_certificate       %%revprox_ca_file;
-  %else
+ %else
         ssl_client_certificate       /etc/pki/ca-trust/source/anchors/ca_HTTP.crt;
-  %end if
+ %end if
 
         ssl_session_cache shared:SSL:1m;
         ssl_session_timeout  10m;
+
+ %if %%os_name == 'Fedora'
         ssl_ciphers PROFILE=SYSTEM;
         ssl_prefer_server_ciphers on;
-
+ %end if
         # Load configuration files for the default server block.
         include /etc/nginx/default.d/*.conf;
 
@@ -111,11 +110,6 @@ http {
         location = /50x.html {
         }
     }
- %end if
-%else
-    include /etc/nginx/sites-enabled/*;
 %end if
-%if not %%getVar('revprox_client_external_domainnames', None)
     include /etc/nginx/sites-enabled/*;
-%end if
 }
diff --git a/seed/nginx-common/templates/tmpfiles.nginx.conf b/seed/nginx-common/templates/tmpfiles.nginx.conf
index 310157f..b8b1e47 100644
--- a/seed/nginx-common/templates/tmpfiles.nginx.conf
+++ b/seed/nginx-common/templates/tmpfiles.nginx.conf
@@ -1,9 +1,2 @@
 # this directory is not used, but must be created
-%if %%os_name == 'Fedora'
- %set %%usr = "nginx"
- %set %%grp = %%usr
-%else
- %set %%usr = "www-data"
- %set %%grp = "adm"
-%end if
-d /var/log/nginx/ 0750 %%usr %%grp -
+d /var/log/nginx/ 0750 %%nginx_owner %%nginx_group -
diff --git a/seed/nginx-https/applicationservice.yml b/seed/nginx-https/applicationservice.yml
index f809754..e163e06 100644
--- a/seed/nginx-https/applicationservice.yml
+++ b/seed/nginx-https/applicationservice.yml
@@ -1,5 +1,5 @@
 format: '0.1'
-description: Nginx as reverse proxy
+description: Nginx as HTTPS web site
 depends:
   - nginx-common
   - reverse-proxy-client