diff --git a/cmd/policygen/linkerd_generator.go b/cmd/policygen/linkerd_generator.go
index 5a1acd4..615f78d 100644
--- a/cmd/policygen/linkerd_generator.go
+++ b/cmd/policygen/linkerd_generator.go
@@ -49,6 +49,18 @@ func (g LinkerdPolicyGenerator) GenerateCommunicationRule(
 return err
 }
+ // and the server resources
+ fmt.Fprintf(os.Stderr, "Server %s/%s\n",
+ app.Namespace.Name, app.Name)
+ template = g.policyTemplates.PredefineApplicationPolicyTemplate("linkerd", "server")
+ if template == nil {
+ return fmt.Errorf("Could not find meshtlsauthentication template")
+ }
+ err = template.Execute(writer, app)
+ if err != nil {
+ return err
+ }
+
 if len(ingress.Applications)+
 len(ingress.Networks)+
 len(egress.Applications)+
diff --git a/cmd/policygen/templates/linkerd/application/meshtlsauthentication.yaml b/cmd/policygen/templates/linkerd/application/meshtlsauthentication.yaml
index 43c276f..b16b44c 100644
--- a/cmd/policygen/templates/linkerd/application/meshtlsauthentication.yaml
+++ b/cmd/policygen/templates/linkerd/application/meshtlsauthentication.yaml
@@ -14,4 +14,4 @@ spec:
 {{- else }}
 fail (printf "no service accounts defined for app %s" .Name )
 {{- end}}
-
+
diff --git a/cmd/policygen/templates/linkerd/application/server.yaml b/cmd/policygen/templates/linkerd/application/server.yaml
new file mode 100644
index 0000000..72e1380
--- /dev/null
+++ b/cmd/policygen/templates/linkerd/application/server.yaml
@@ -0,0 +1,16 @@
+{{- range $port := .Ports }}
+{{- if or (eq $port.Protocol "TCP") (not $port.Protocol) }}
+---
+apiVersion: policy.linkerd.io/v1beta1
+kind: Server
+metadata:
+ name: {{ $.Name }}-p{{ $port.Port }}
+ namespace: {{ $.Namespace.Name }}
+spec:
+ podSelector:
+ matchLabels: {{ $.MatchLabels | toJson }}
+ matchExpressions: {{ $.MatchExpressions | toJson }}
+ port: {{ $port.Port }}
+ #proxyProtocol: "HTTP/2"
+{{- end }}
+{{- end }}
diff --git a/example/config.yaml b/example/config.yaml
index 295662b..e8196de 100644
--- a/example/config.yaml
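Review bot: The nil check after the `"linkerd", "server"` template lookup in linkerd_generator.go reports the wrong template: its error text says `meshtlsauthentication`, apparently carried over from the preceding block, so a missing or misnamed server.yaml would point whoever debugs it at the wrong file. Suggest `return fmt.Errorf("could not find linkerd server template")`, which also follows Go's lowercase error-string convention. The `template.Execute` error is returned bare; wrapping it, e.g. `return fmt.Errorf("rendering server template for %s/%s: %w", app.Namespace.Name, app.Name, err)`, would make it clear which application and template failed. GenerateCommunicationRule starts and ends outside this hunk.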
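Review bot: In the new server.yaml, `podSelector` is rendered straight from `$.MatchLabels` and `$.MatchExpressions` with no check that either is set. If an application can reach this template with both empty, the fields would presumably render as `null`, and an empty Kubernetes label selector matches every pod in the namespace, so this app's Server (and any authorization attached to it) would apply to unrelated workloads. A guard before the `---` line would prevent that, for example `{{- if not (or $.MatchLabels $.MatchExpressions) }}{{ fail (printf "no pod selector defined for app %s" $.Name) }}{{- end }}`, assuming `fail` is registered in the template func map as its appearance in meshtlsauthentication.yaml suggests. Separately, `eq $port.Protocol "TCP"` is case-sensitive, so a port declared as `tcp` silently gets no Server and therefore no policy coverage; normalising the value or failing on unrecognised protocols would make that visible. A short comment on why `#proxyProtocol: "HTTP/2"` is left commented out would also help the next reader.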
+++ b/example/config.yaml
@@ -22,6 +22,7 @@ namespaces:
 - name: openapp
 ports:
 - port: 100
+ protocol: TCP
 serviceAccounts:
 - xyz