diff --git a/README.md b/README.md
index 3f7c812..1c7d9d6 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,28 @@ cd nodock
 docker-compose up -d
 ```
+## Allow HTTPS
+
+By default HTTPS is disabled. To enable it, you may use the following settings
+
+```
+# docker-compose.override.yml
+
+version: '2'
+
+services:
+ nginx:
+ build:
+ args:
+ web_ssl: "true" # defaults to "false"
+ self_signed: "true" # defaults to "false"
+```
+
+`self_signed: "true"` will generate the necessary files, do note that `self_signed: "true"` as no effect if `web_ssl: "false"`
+
+If you want to use your own: leave `self_signed: "false"`, add the certificate to `nginx/certs/cacert.pem` and the private key to `nginx/certs/privkey.pem`.
+
+
 ## Running multiple node containers
 To add more node containers, simply add the following to your `docker-compose.override.yml` or environment specific docker-compose file.
 ```
diff --git a/docker-compose.yml b/docker-compose.yml
index 0d9a78d..a858f69 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -36,10 +36,13 @@ services:
 context: ./nginx
 args:
 web_reverse_proxy_port: "8000"
+ web_ssl: "false"
+ self_signed: "false"
 volumes_from:
 - volumes
 ports:
 - "80:80"
+ - "443:443"
 links:
 - node
 extra_hosts:
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index 4896329..45d62a7 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
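Review bot: The added `- "443:443"` publishes the port unconditionally, while the two build args added just above default `web_ssl` to "false", and with that value nginx/scripts/web-ssl.sh deletes the https site at image build time — so by default the mapping has no listener behind it. That is harmless, but a reader of this file alone cannot tell; `- "443:443"  # only served when the nginx build arg web_ssl is "true"` would make it explicit. Both args are compared as exact lowercase strings by that script, so values like `"False"` or `"1"` do not behave as a reader would expect — worth a comment here too, or a default on the `ARG` lines in nginx/Dockerfile.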
@@ -3,15 +3,24 @@ FROM nginx:1.11
 RUN mkdir /etc/nginx/sites-available && rm /etc/nginx/conf.d/default.conf
 ADD nginx.conf /etc/nginx/
+COPY scripts /root/scripts/
+COPY certs/* /etc/ssl/
+
 COPY sites/*.template /etc/nginx/templates/
 COPY sites/*.conf /etc/nginx/sites-available/
 ARG web_reverse_proxy_port
+ARG web_ssl
+ARG self_signed
 ENV WEB_REVERSE_PROXY_PORT=$web_reverse_proxy_port
+ENV WEB_SSL=$web_ssl
+ENV SELF_SIGNED=$self_signed
 RUN for template in /etc/nginx/templates/*.template; do\
 envsubst < $template > "/etc/nginx/sites-available/"$(basename $template)".conf"\
 ;done;
+RUN /bin/bash /root/scripts/web-ssl.sh
+
 CMD nginx
diff --git a/nginx/certs/.gitignore b/nginx/certs/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null
+++ b/nginx/certs/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/nginx/scripts/web-ssl.sh b/nginx/scripts/web-ssl.sh
new file mode 100644
index 0000000..00d8501
--- /dev/null
+++ b/nginx/scripts/web-ssl.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [ "$WEB_SSL" = "false" ]; then
+ rm /etc/nginx/sites-available/node-https.template.conf
+else
+ if [ "$SELF_SIGNED" = "true" ]; then
+ openssl req \
+ -new \
+ -newkey rsa:4096 \
+ -days 1095 \
+ -nodes \
+ -x509 \
+ -subj "/C=FK/ST=Fake/L=Fake/O=Fake/CN=0.0.0.0" \
+ -keyout /etc/ssl/privkey.pem \
+ -out /etc/ssl/cacert.pem
+ chown www-data:www-data /etc/ssl/cacert.pem
+ chown www-data:www-data /etc/ssl/privkey.pem
+ fi
+fi
diff --git a/nginx/sites/node-https.template b/nginx/sites/node-https.template
new file mode 100644
index 0000000..0338faa
--- /dev/null
+++ b/nginx/sites/node-https.template
@@ -0,0 +1,13 @@
+# environment variables
+# WEB_REVERSE_PROXY_PORT ${WEB_REVERSE_PROXY_PORT}
+server {
+ listen 443 default_server http2;
+
+ ssl on;
+ ssl_certificate /etc/ssl/cacert.pem;
+ ssl_certificate_key /etc/ssl/privkey.pem;
+
+ location / {
+ proxy_pass http://node:${WEB_REVERSE_PROXY_PORT};
+ }
+}
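Review bot: `COPY certs/* /etc/ssl/` and the build-time `RUN /bin/bash /root/scripts/web-ssl.sh` both put the TLS private key into an image layer — a user-supplied `nginx/certs/privkey.pem` ships inside every copy of the image, and a self-signed key generated at build time is the same key in every container started from it. Mounting `nginx/certs` as a volume and running web-ssl.sh from an entrypoint at container start keeps the key out of the image entirely. The new `ARG web_ssl` / `ARG self_signed` also carry no default, so a plain `docker build` that does not pass them leaves `WEB_SSL` empty, which the script does not treat as "false"; `ARG web_ssl=false` and `ARG self_signed=false` would match what README.md documents as the defaults.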
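Review bot: The script never fails the build: there is no `set -e`, so a failing `openssl req` is ignored, and when `SELF_SIGNED` is anything but "true" nothing verifies that `/etc/ssl/cacert.pem` and `/etc/ssl/privkey.pem` were actually supplied — the mistake surfaces only when nginx refuses to start with the https site still enabled. The `chown www-data:www-data` lines are likely not what the key needs: in the stock nginx image the master process that opens the key runs as root (the worker account comes from the project's nginx.conf, which is not shown), whereas a restrictive file mode on the private key is missing. Rewritten below with explicit defaults, a single existence check for both files regardless of branch, and `chmod 600` on the key; the openssl invocation itself is unchanged.
```shell
#!/bin/bash
set -euo pipefail

if [ "${WEB_SSL:-false}" != "true" ]; then
  rm /etc/nginx/sites-available/node-https.template.conf
  exit 0
fi

if [ "${SELF_SIGNED:-false}" = "true" ]; then
  # … unchanged: openssl req … -keyout /etc/ssl/privkey.pem -out /etc/ssl/cacert.pem …
fi

# Whichever branch ran, the build must not succeed without a usable pair.
for f in /etc/ssl/cacert.pem /etc/ssl/privkey.pem; do
  [ -s "$f" ] || { echo "web-ssl.sh: $f is missing; set self_signed=\"true\" or place it in nginx/certs/" >&2; exit 1; }
done
chmod 600 /etc/ssl/privkey.pem
```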
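Review bot: The new server block sets no `ssl_protocols` or `ssl_ciphers`, so on nginx 1.11 it takes the built-in default of `TLSv1 TLSv1.1 TLSv1.2` and the OpenSSL default cipher list unless the project's nginx.conf (not shown) sets them at `http` level; pinning `ssl_protocols TLSv1.2;` and `ssl_prefer_server_ciphers on;` is the usual baseline for a new HTTPS endpoint. `ssl on;` still works on 1.11 but is the legacy form; `listen 443 ssl http2 default_server;` expresses it on the listen line. The upstream also has no way to know the request arrived over TLS, since nothing about the scheme is forwarded; `proxy_set_header X-Forwarded-Proto https;` is the conventional fix. Note that nginx/Dockerfile runs `envsubst` over this template with no variable list, so any nginx `$variable` (such as `$host`) written here would be blanked at build time — keep to literals, or pass `'$WEB_REVERSE_PROXY_PORT'` to envsubst.
```nginx
server {
    listen 443 ssl http2 default_server;

    # … unchanged: ssl_certificate / ssl_certificate_key …
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://node:${WEB_REVERSE_PROXY_PORT};
        proxy_set_header X-Forwarded-Proto https;
    }
}
```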