diff --git a/dns/nixos.org.js b/dns/nixos.org.js index 5fc7d064..cfc53ef5 100644 --- a/dns/nixos.org.js +++ b/dns/nixos.org.js @@ -151,6 +151,9 @@ D("nixos.org", // wiki A("wiki", "65.21.240.250"), AAAA("wiki", "2a01:4f9:c012:8178::"), + // Direct access to wiki server in Helsinki (for deployments) + A("he1.wiki", "65.21.240.250"), + AAAA("he1.wiki", "2a01:4f9:c012:8178::"), DMARC_BUILDER({ label: "wiki", policy: "none" @@ -166,6 +169,10 @@ D("nixos.org", }), TXT("mail._domainkey.wiki", "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa+KjIljYr3q5MWWK7sEYzjR8OcA32zBh9BCPo6/HlY1q2ODTYsmE/FDZWpYMzM5z+ddnuGYdXia322XnZaNpZNoq1TbGYuQ5DsgAEK09CGoLuzONg3PSXTrkG7E2Sd6wstwHGJ5FHxSLKtNoWkknt9F5XAFZgXapO0w54p+BWvwIDAQAB"), + // test.wiki subdomain with Fastly + CNAME("test.wiki", "dualstack.v2.shared.global.fastly.net."), + CNAME("_acme-challenge.test.wiki", "zsz0meyel8hxoy9dtb.fastly-validations.com."), + // cloudflare pages CNAME("20th", "20th-nix.pages.dev."), diff --git a/terraform/wiki-test.tf b/terraform/wiki-test.tf new file mode 100644 index 00000000..70957062 --- /dev/null +++ b/terraform/wiki-test.tf 
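Review bot: The comment on the new `he1.wiki` records says they exist for deployments, but `terraform/wiki-test.tf` in this same commit also uses `he1.wiki.nixos.org` as the Fastly backend `address` and as `ssl_cert_hostname`. The name is therefore load-bearing for the CDN path as well, and dropping or repointing it would break origin TLS verification. I would say so in the comment, e.g. `// Direct access to wiki server in Helsinki (deployments and Fastly origin for test.wiki)`. The records sit inside the `D("nixos.org", ...)` call, which starts and ends outside the hunk.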
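Review bot: The two `test.wiki` CNAMEs are managed here, while the Fastly service and TLS subscription they depend on are created in `terraform/wiki-test.tf`, so nothing ties their lifetimes together. If that service is destroyed while `CNAME("test.wiki", "dualstack.v2.shared.global.fastly.net.")` is still published, the name dangles on a shared Fastly hostname and may be claimable by another Fastly account. The `_acme-challenge.test.wiki` delegation likewise leaves certificate validation for the name with Fastly for as long as it exists. I would record the dependency and teardown order in the comment, e.g. `// test.wiki subdomain with Fastly (see terraform/wiki-test.tf; remove these records before destroying the service)`.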
@@ -0,0 +1,63 @@
+locals {
+ wiki_test_domain = "test.wiki.nixos.org"
+}
+
+resource "fastly_service_vcl" "wiki-test" {
+ name = local.wiki_test_domain
+ default_ttl = 86400
+
+ backend {
+ address = "he1.wiki.nixos.org"
+ auto_loadbalance = false
+ between_bytes_timeout = 10000
+ connect_timeout = 5000
+ error_threshold = 0
+ first_byte_timeout = 15000
+ max_conn = 200
+ name = "wiki_backend"
+ port = 443
+ # Shield location for Helsinki backend
+ shield = "hel-helsinki-fi"
+ ssl_cert_hostname = "he1.wiki.nixos.org"
+ ssl_check_cert = true
+ use_ssl = true
+ weight = 100
+ }
+
+ domain {
+ name = local.wiki_test_domain
+ }
+
+ # Pass through the original Host header
+ header {
+ destination = "http.Host"
+ type = "request"
+ action = "set"
+ name = "Set Host Header"
+ source = "\"wiki.nixos.org\""
+ }
+
+ logging_s3 {
+ name = "${local.wiki_test_domain}-to-s3"
+ bucket_name = local.fastlylogs["bucket_name"]
+ compression_codec = "zstd"
+ domain = local.fastlylogs["s3_domain"]
+ format = local.fastlylogs["format"]
+ format_version = 2
+ path = "${local.wiki_test_domain}/"
+ period = local.fastlylogs["period"]
+ message_type = "blank"
+ s3_iam_role = local.fastlylogs["iam_role_arn"]
+ }
+}
+
+resource "fastly_tls_subscription" "wiki-test" {
+ domains = [for domain in fastly_service_vcl.wiki-test.domain : domain.name]
+ configuration_id = local.fastly_tls12_sni_configuration_id
+ certificate_authority = "lets-encrypt"
+}
+
+output "wiki_test_acme_challenge" {
+ value = fastly_tls_subscription.wiki-test.managed_dns_challenges
+ description = "ACME challenge records for test.wiki.nixos.org - add these to DNS"
+}
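Review bot: The comment above the `header` block says the original Host header is passed through, but the block sets `http.Host` to the fixed literal `"\"wiki.nixos.org\""`, so the origin never sees `test.wiki.nixos.org`. The comment should say that, e.g. `# Rewrite Host so the origin serves the production wiki vhost`. In the `backend` block the certificate is verified against `he1.wiki.nixos.org` (`ssl_cert_hostname`, `ssl_check_cert = true`) and no `ssl_sni_hostname` is set. The origin therefore has to present a certificate valid for `he1.wiki.nixos.org` on that connection, which this diff does not show; adding `ssl_sni_hostname = "he1.wiki.nixos.org"` would make the intent explicit. Because the service sets `default_ttl = 86400` and adds no cache rules of its own, it is also worth confirming that the wiki marks logged-in responses as uncacheable before real users reach this hostname.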