diff --git a/vino-reverse-proxy/Dockerfile b/vino-reverse-proxy/Dockerfile
index 6b8107a..762d93f 100644
--- a/vino-reverse-proxy/Dockerfile
+++ b/vino-reverse-proxy/Dockerfile
@@ -1,11 +1,16 @@
 FROM nginx:alpine
+ENV USE_BASIC_AUTH="false"
 ENV BASIC_AUTH_USERNAME="username"
 ENV BASIC_AUTH_PASSWORD="password"
-RUN apk add --update --no-cache apache2-utils
+ENV USE_TLS="false"
+ENV TLS_CRT=""
+ENV TLS_KEY=""
-COPY assets/default.conf /etc/nginx/conf.d/default.conf
+RUN apk add --update --no-cache apache2-utils ;
+
+COPY assets/default.conf.tpl /default.conf.tpl
 COPY assets/entrypoint.sh /entrypoint.sh
 ENTRYPOINT /entrypoint.sh
diff --git a/vino-reverse-proxy/assets/default.conf b/vino-reverse-proxy/assets/default.conf.tpl
similarity index 65%
rename from vino-reverse-proxy/assets/default.conf
rename to vino-reverse-proxy/assets/default.conf.tpl
index d3fca6e..32394c4 100644
--- a/vino-reverse-proxy/assets/default.conf
+++ b/vino-reverse-proxy/assets/default.conf.tpl
@@ -1,16 +1,12 @@
 server {
- listen 8000;
 server_name localhost;
+ $tls_config
+
 location / {
 proxy_pass http://localhost:5000/;
 proxy_set_header Authorization $http_authorization;
 proxy_pass_header Authorization;
-
- # Basic Auth
- limit_except OPTIONS {
- auth_basic "Restricted";
- auth_basic_user_file "auth.htpasswd";
- }
+ $basic_auth_config
 }
 error_page 500 502 503 504 /50x.html;
 location = /50x.html {
diff --git a/vino-reverse-proxy/assets/entrypoint.sh b/vino-reverse-proxy/assets/entrypoint.sh
index a587ac2..9b7e14d 100755
--- a/vino-reverse-proxy/assets/entrypoint.sh
+++ b/vino-reverse-proxy/assets/entrypoint.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
+set -ex
+
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
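Review bot: `RUN apk add --update --no-cache apache2-utils ;` carries a stray trailing `;` and combines `--update` with `--no-cache`, which already fetches a fresh index without storing it; the line should read `RUN apk add --no-cache apache2-utils`. Declaring `TLS_KEY` (and `TLS_CRT`) as `ENV` signals that the private key is meant to be supplied through the container environment, which is readable via `docker inspect` and the environment of every process in the container; reading the key from a mounted file path instead would keep it out of the image config and inspect output. `FROM nginx:alpine` is untouched here but remains a floating tag, so a digest or minor-version pin would make rebuilds reproducible.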
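Review bot: The template now mixes envsubst placeholders (`$tls_config`, `$basic_auth_config`) with nginx's own `$http_authorization`, and nothing in the file says which is which; anyone rendering it with a plain `envsubst` and no variable list would blank the nginx variable and silently break the Authorization pass-through. Add a header comment such as `# Template rendered by entrypoint.sh: only $tls_config and $basic_auth_config are substituted; any other $name is an nginx runtime variable and must stay literal.` The enclosing `server` block continues past the end of the hunk.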
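Review bot: `set -ex` enables command tracing for the whole script, so the later `htpasswd -Bbn "$BASIC_AUTH_USERNAME" "$BASIC_AUTH_PASSWORD"` and `echo "$TLS_KEY" > /etc/ssl/private/redfish-auth.key` lines in the next hunk are printed with their arguments expanded, placing the basic-auth password and the TLS private key in the container's stdout/stderr log. Keep `set -e` here and, if tracing is wanted, turn it off around the secret-handling steps with `set +x` before them and `set -x` after. The new lines also sit above the license header comment, which is unusual placement; putting them below the header keeps the file's conventional shape.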
@@ -12,5 +14,37 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-htpasswd -Bbn "$BASIC_AUTH_USERNAME" "$BASIC_AUTH_PASSWORD" > /etc/nginx/auth.htpasswd
+basic_auth_config=''
+if [ "$USE_BASIC_AUTH" = "true" ]; then
+ htpasswd -Bbn "$BASIC_AUTH_USERNAME" "$BASIC_AUTH_PASSWORD" > /etc/nginx/auth.htpasswd
+ basic_auth_config='
+ # Basic Auth
+ limit_except OPTIONS {
+ auth_basic "Restricted";
+ auth_basic_user_file "auth.htpasswd";
+ }'
+fi
+export basic_auth_config
+
+tls_config='listen 8000;'
+
+if [ "$USE_TLS" = "true" ]; then
+ mkdir -p /etc/ssl/certs
+ mkdir -p /etc/ssl/private
+
+ echo "$TLS_CRT" > /etc/ssl/certs/redfish-auth.crt
+ echo "$TLS_KEY" > /etc/ssl/private/redfish-auth.key
+
+ tls_config='listen 443 ssl http2 default_server;
+ listen [::]:443 ssl http2 default_server;
+ ssl_certificate /etc/ssl/certs/redfish-auth.crt;
+ ssl_certificate_key /etc/ssl/private/redfish-auth.key;'
+fi
+export tls_config
+
+vars='$basic_auth_config:$tls_config'
+envsubst "$vars" /etc/nginx/conf.d/default.conf
+
+cat /etc/nginx/conf.d/default.conf
+
 nginx -g 'daemon off;'
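Review bot: `envsubst "$vars" /etc/nginx/conf.d/default.conf` does not render the template: the envsubst in nginx:alpine is GNU gettext's, which takes at most one positional argument (the shell-format list) and reads the template from stdin, so with two arguments it exits with "too many arguments", `set -e` aborts the script before nginx starts, and `/default.conf.tpl` (copied in by the Dockerfile) is never read at all. The line should be `envsubst "$vars" < /default.conf.tpl > /etc/nginx/conf.d/default.conf`. The private key written by `echo "$TLS_KEY" > /etc/ssl/private/redfish-auth.key` is created under the default umask, so add `chmod 600 /etc/ssl/private/redfish-auth.key` right after it. Finally, `nginx -g 'daemon off;'` should become `exec nginx -g 'daemon off;'` so nginx replaces the shell and receives the container's stop signal directly.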