diff --git a/README.md b/README.md
index 98e1554..4694cb9 100644
--- a/README.md
+++ b/README.md
@@ -73,6 +73,8 @@ matrix.server1.example.org -> IP of your server
 chat.server1.example.org -> IP of your server
 peertube.server1.example.org -> IP of your server
 social.server1.example.org -> IP of your server
+cryptpad.server1.example.org -> IP of your server
+sandbox.server1.example.org -> IP of your server
 server1.example.org -> IP of your server
 ```
 
diff --git a/conf/caddy/Caddyfile.tmpl b/conf/caddy/Caddyfile.tmpl
index 304a7be..60b38cc 100644
--- a/conf/caddy/Caddyfile.tmpl
+++ b/conf/caddy/Caddyfile.tmpl
@@ -59,6 +59,19 @@ peertube.{$DWEB_DOMAIN}, https://peertube.{$DWEB_DOMAIN} {
   reverse_proxy http://peertube-back:9000
 }
 
+(cryptpadheaders) {
+	header {
+		Strict-Transport-Security "max-age=63072000; includeSubDomains" always
+	}
+}
+cryptpad.{$DWEB_DOMAIN}, sandbox.{$DWEB_DOMAIN} {
+	reverse_proxy cryptpad:3000 {
+		header_up Host {upstream_hostport}
+		header_up Connection upgrade
+	}
+	import cryptpadheaders
+}
+
 social.{$DWEB_DOMAIN}, http://social.{$DWEB_ONION} {
 
     root * /srv/mastodon/public
diff --git a/conf/compose/cryptpad.docker-compose.yml b/conf/compose/cryptpad.docker-compose.yml
new file mode 100644
index 0000000..7e5a85d
--- /dev/null
+++ b/conf/compose/cryptpad.docker-compose.yml
@@ -0,0 +1,33 @@
+---
+networks:
+  cryptpad:
+services:
+  cryptpad:
+    image: "cryptpad/cryptpad:latest"
+    hostname: cryptpad
+
+    environment:
+      - CPAD_MAIN_DOMAIN=https://cryptpad.${DWEB_DOMAIN}
+      - CPAD_SANDBOX_DOMAIN=https://sandbox.${DWEB_DOMAIN}
+      - CPAD_CONF=/cryptpad/config/config.js
+
+      # Read and accept the license before uncommenting the following line:
+      # https://github.com/ONLYOFFICE/web-apps/blob/master/LICENSE.txt
+      - CPAD_INSTALL_ONLYOFFICE=yes
+
+    volumes:
+      - ../cryptpad/data/blob:/cryptpad/blob
+      - ../cryptpad/data/block:/cryptpad/block
+      - ../cryptpad/customize:/cryptpad/customize
+      - ../cryptpad/data/data:/cryptpad/data
+      - ../cryptpad/data/files:/cryptpad/datastore
+      - ../cryptpad/onlyoffice-dist:/cryptpad/www/common/onlyoffice/dist
+      - ../cryptpad/onlyoffice-conf:/cryptpad/onlyoffice-conf
+
+    networks:
+      - cryptpad
+
+    ulimits:
+      nofile:
+        soft: 1000000
+        hard: 1000000
diff --git a/conf/compose/docker-compose.yml b/conf/compose/docker-compose.yml
index e1ab8c0..ea00f70 100644
--- a/conf/compose/docker-compose.yml
+++ b/conf/compose/docker-compose.yml
@@ -10,6 +10,7 @@ networks:
     internal: true
   peertube:
     internal: true
+  cryptpad:
 volumes:
   caddy_data:
   caddy_config:
@@ -30,6 +31,7 @@ services:
       - synapse
       - element
       - peertube
+      - cryptpad
     ports:
       - target: 80
         published: 80
diff --git a/conf/cryptpad/.gitkeep b/conf/cryptpad/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/install.sh b/install.sh
index 97198a0..c19c230 100755
--- a/install.sh
+++ b/install.sh
@@ -164,6 +164,12 @@ peertube_config () {
 
 }
 
+cryptpad_config () {
+    mkdir -p $DCOMMS_DIR/conf/cryptpad/data/{blob,block,data,files} $DCOMMS_DIR/conf/cryptpad/customize $DCOMMS_DIR/conf/cryptpad/onlyoffice-dist $DCOMMS_DIR/conf/cryptpad/onlyoffice-conf
+    sudo chown -R 4001:4001 $DCOMMS_DIR/conf/cryptpad/*
+
+}
+
 mau_config () {
     printf "${YELLOW}## Generating mau bot config${NC}\n"
     docker run --rm --mount type=bind,src=$(readlink -f $DCOMMS_DIR/conf/mau),dst=/data dock.mau.dev/maubot/maubot:v0.3.1 1>&2  >/dev/null
@@ -225,7 +231,8 @@ main() {
       "2" "Ceno Bridge" ON \
       "3" "Maubot" OFF \
       "4" "Mastodon" OFF \
-      "5" "Peertube" OFF 3>&1 1>&2 2>&3)
+      "5" "Peertube" OFF \
+      "6" "Cryptpad" OFF 3>&1 1>&2 2>&3)
 
     if [ -z "$CHOICES" ]; then
       echo "No option was selected (user hit Cancel or unselected all options)"
@@ -261,6 +268,11 @@ main() {
             PEERTUBE=true
             DNS_RECORD="${DNS_RECORD}Peertube $(dig +short "peertube.$DWEB_DOMAIN")\n"
 	  ;;
+	"6")
+            COMPOSE_FILES+="-f ./conf/compose/cryptpad.docker-compose.yml "
+            CRYPTPAD=true
+            DNS_RECORD="${DNS_RECORD}Cryptpad $(dig +short "cryptpad.$DWEB_DOMAIN")\n"
+	  ;;
         *)
           echo "Unsupported item $CHOICE!" >&2
           exit 1
@@ -330,6 +342,10 @@ main() {
     if [[ "${PEERTUBE}" == true ]]; then
         peertube_config
     fi
+    if [[ "${CRYPTPAD}" == true ]]; then
+        cryptpad_config
+    fi
+
     echo "sudo DWEB_ONION=$DWEB_ONION DWEB_DOMAIN=$DWEB_DOMAIN DWEB_FRIENDLY_DOMAIN=$DWEB_FRIENDLY_DOMAIN docker compose $COMPOSE_FILES up -d" >> $DCOMMS_DIR/run.sh
     chmod +x $DCOMMS_DIR/run.sh
     printf "${GREEN} dComms succesfully installed! Start your services by running 'run.sh' in $DCOMMS_DIR.${NC}\n"