diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 988ca80259..94b97727ec 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -125,6 +125,11 @@ http {
   # for the check. It is best if you enable this in a location{} block for
   # a specific directory, or on an individual server{} level.
   # gzip_static on;
+  
+  # Content type for FIDO U2F facets
+  map $uri $fido_content_type {
+    default "application/fido.trusted-apps+json";
+  }
 
   # Include files in the sites-enabled folder. server{} configuration files should be
   # placed in the sites-available folder, and then the configuration should be enabled
diff --git a/util/Setup/Program.cs b/util/Setup/Program.cs
index 5401fe08b7..559cb7ad1e 100644
--- a/util/Setup/Program.cs
+++ b/util/Setup/Program.cs
@@ -145,6 +145,13 @@ server {{
         proxy_redirect off;
     }}
 
+    location = /app-id.json {{
+        proxy_pass http://web/app-id.json;
+        proxy_hide_header Content-Type;
+        add_header Content-Type $fido_content_type;
+        proxy_redirect off;
+    }}
+
     location /api/ {{
         proxy_pass http://api/;
         proxy_set_header X-Real-IP $remote_addr;
@@ -209,6 +216,29 @@ SA_PASSWORD={dbPass}");
             }
         }
 
+        private static void BuildAppId()
+        {
+            Directory.CreateDirectory("/bitwarden/web/");
+            using(var sw = File.CreateText("/bitwarden/web/app-id.json"))
+            {
+                sw.Write($@"{{
+  ""trustedFacets"": [
+    {{
+      ""version"": {{
+        ""major"": 1,
+        ""minor"": 0
+      }},
+      ""ids"": [
+        ""{_url}"",
+        ""ios:bundle-id:com.8bit.bitwarden"",
+        ""android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI""
+      ]
+    }}
+  ]
+}}");
+            }
+        }
+
         private static IDictionary<string, string> ParseParameters()
         {
             var dict = new Dictionary<string, string>();