diff --git a/app.js b/app.js
index 656c5083..d41dbfbd 100644
--- a/app.js
+++ b/app.js
@@ -203,6 +203,7 @@ app.locals.serverURL = config.serverURL
 app.locals.sourceURL = config.sourceURL
 app.locals.allowAnonymous = config.allowAnonymous
 app.locals.allowAnonymousEdits = config.allowAnonymousEdits
+app.locals.disableNoteCreation = config.disableNoteCreation
 app.locals.authProviders = {
   facebook: config.isFacebookEnable,
   twitter: config.isTwitterEnable,
diff --git a/docs/content/configuration.md b/docs/content/configuration.md
index 7a955fab..2d44b680 100644
--- a/docs/content/configuration.md
+++ b/docs/content/configuration.md
@@ -110,6 +110,7 @@ these are rarely used for various reasons.
 | `allowAnonymousEdits`          | `CMD_ALLOW_ANONYMOUS_EDITS`          | **`false`** or `true`                                                   | If `allowAnonymous` is `false`: allow users to select `freely` permission, allowing guests to edit existing notes (default is `false`).                                                                    |
 | `allowFreeURL`                 | `CMD_ALLOW_FREEURL`                  | **`false`** or `true`                                                   | Set to allow new note creation by accessing a nonexistent note URL. This is the behavior familiar from [Etherpad](https://github.com/ether/etherpad-lite).                                                 |
 | `requireFreeURLAuthentication` | `CMD_REQUIRE_FREEURL_AUTHENTICATION` | **`false`** or `true`                                                   | Set to require authentication for FreeURL mode style note creation.                                                                                                                                        |
+| `disableNoteCreation`          | `CMD_DISABLE_NOTE_CREATION`          | **`false`** or `true`                                                   | Set to `true` to disallow any person to create notes.                                                                                                |
 | `defaultPermission`            | `CMD_DEFAULT_PERMISSION`             | **`editable`**, `freely`, `limited`, `locked`, `protected` or `private` | Set notes default permission (only applied on signed-in users).                                                                                                                                            |
 | `sessionName`                  |                                      | **`connect.sid`**                                                       | Cookie session name.                                                                                                                                                                                       |
 | `sessionLife`                  | `CMD_SESSION_LIFE`                   | **`14 * 24 * 60 * 60 * 1000`**, `1209600000` (14 days)                  | Cookie session life time in milliseconds.                                                                                                                                                                  |
diff --git a/lib/config/default.js b/lib/config/default.js
index f7df8f99..d038e531 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -35,6 +35,7 @@ module.exports = {
   allowAnonymousEdits: false,
   allowFreeURL: false,
   requireFreeURLAuthentication: false,
+  disableNoteCreation: false,
   forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api', 'build', 'css', 'docs', 'fonts', 'js', 'uploads', 'vendor', 'views'],
   defaultPermission: 'editable',
   dbURL: '',
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 31f3c6fc..da50a660 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -33,6 +33,7 @@ module.exports = {
   allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
   allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
   requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION),
+  disableNoteCreation: toBooleanConfig(process.env.CMD_DISABLE_NOTE_CREATION),
   forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
   defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
   dbURL: process.env.CMD_DB_URL,
diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js
index 6626782e..9ac081b5 100644
--- a/lib/web/note/controller.js
+++ b/lib/web/note/controller.js
@@ -82,6 +82,9 @@ exports.showNote = function (req, res, next) {
 }
 
 exports.createFromPOST = function (req, res, next) {
+  if (config.disableNoteCreation) {
+    return errors.errorForbidden(res)
+  }
   let body = ''
   if (req.body && req.body.length > config.documentMaxLength) {
     return errors.errorTooLong(res)
diff --git a/lib/web/note/util.js b/lib/web/note/util.js
index 6604ea35..7be117bd 100644
--- a/lib/web/note/util.js
+++ b/lib/web/note/util.js
@@ -19,7 +19,11 @@ exports.findNote = function (req, res, callback, include = null, createIfNotFoun
       include: include || null
     }).then(function (note) {
       if (!note && createIfNotFound) {
-        return exports.newNote(req, res, '')
+        if (config.disableNoteCreation) {
+          return errors.errorNotFound(res)
+        } else {
+          return exports.newNote(req, res, '')
+        }
       }
       if (!note && !createIfNotFound) {
         return errors.errorNotFound(res)
diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md
index 24d8e0c9..f9e65c9a 100644
--- a/public/docs/release-notes.md
+++ b/public/docs/release-notes.md
@@ -4,6 +4,7 @@
 
 ### Enhancements
 - Add a pointer to Mermaid 9.1.7 documentation, which is what HedgeDoc 1 supports.
+- Add `disableNoteCreation` config option for read-only instances
 
 ### Bugfixes
 - Fix a crash when having numeric-only values in opengraph frontmatter
diff --git a/public/views/hedgedoc/header.ejs b/public/views/hedgedoc/header.ejs
index ff58f172..141959eb 100644
--- a/public/views/hedgedoc/header.ejs
+++ b/public/views/hedgedoc/header.ejs
@@ -22,8 +22,10 @@
                 <i class="fa fa-caret-down"></i>
             </a>
             <ul class="dropdown-menu list" role="menu" aria-labelledby="menu">
+                <% if (!disableNoteCreation) { %>
                 <li role="presentation"><a role="menuitem" class="ui-new" tabindex="-1" href="<%- serverURL %>/new" target="_blank" rel="noopener"><i class="fa fa-plus fa-fw"></i> <%= __('New') %></a>
                 </li>
+                <% } %>
                 <li role="presentation"><a role="menuitem" class="ui-publish" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-share-square-o fa-fw"></i> <%= __('Publish') %></a>
                 </li>
                 <li class="divider"></li>
@@ -112,11 +114,13 @@
             </li>
         </ul>
         <ul class="nav navbar-nav navbar-right" style="padding:0;">
+            <% if (!disableNoteCreation) { %>
             <li>
                 <a href="<%- serverURL %>/new" target="_blank" rel="noopener" class="ui-new">
                     <i class="fa fa-plus"></i> <%= __('New') %>
                 </a>
             </li>
+            <% } %>
             <li>
                 <a href="#" target="_blank" rel="noopener" class="ui-publish">
                     <i class="fa fa-share-square-o"></i> <%= __('Publish') %>
diff --git a/public/views/index/body.ejs b/public/views/index/body.ejs
index 814ac49c..41f37015 100644
--- a/public/views/index/body.ejs
+++ b/public/views/index/body.ejs
@@ -12,7 +12,7 @@
                             <li class="ui-history<% if(signin) { %> active<% } %>"><a href="#"><%= __('History') %></a>
                             </li>
                             <div class="ui-signin" style="float: right; margin-top: 8px;<% if(signin) { %> display: none;<% } %>">
-                                <% if (allowAnonymous) { %>
+                                <% if (allowAnonymous && !disableNoteCreation) { %>
                                 <a type="button" href="<%- serverURL %>/new" class="btn btn-sm btn-primary"><i class="fa fa-plus"></i> <%= __('New guest note') %></a>
                                 <% } %>
                                 <% if (authProviders.facebook || authProviders.twitter || authProviders.github || authProviders.gitlab || authProviders.mattermost || authProviders.dropbox || authProviders.google || authProviders.ldap || authProviders.saml || authProviders.oauth2 || authProviders.email) { %>
@@ -20,7 +20,9 @@
                                 <% } %>
                             </div>
                             <div class="ui-signout" style="float: right; margin-top: 8px;<% if(!signin) { %> display: none;<% } %>">
+                                <% if (!disableNoteCreation) { %>
                                 <a type="button" href="<%- serverURL %>/new" class="btn btn-sm btn-primary"><i class="fa fa-plus"></i> <%= __('New note') %></a>
+                                <% } %>
                                 <span class="ui-profile dropdown pull-right">
                                     <button id="profileLabel" class="btn btn-sm btn-link ui-profile-label" style="padding-right: 0;" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
                                         <img class="ui-avatar" width="20" height="20"><span class="hidden-xs hidden-sm">&ensp;<span class="ui-name"></span></span>&ensp;<i class="fa fa-caret-down"></i>