diff --git a/docker-compose.yml b/docker-compose.yml
index 758cd5a..be1e81f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -49,9 +49,10 @@ services:
 restart: always
 ports:
 - "80:80"
- - "8080:8080"
+ - "443:443"
 volumes:
 - ./infrastructure/nginx/conf.d:/etc/nginx/conf.d
+ - /etc/letsencrypt:/etc/letsencrypt:ro
 depends_on:
 - api
 - web
diff --git a/infrastructure/nginx/conf.d/api.conf b/infrastructure/nginx/conf.d/api.conf
index 400bb55..bef278e 100644
--- a/infrastructure/nginx/conf.d/api.conf
+++ b/infrastructure/nginx/conf.d/api.conf
@@ -1,6 +1,15 @@
 server {
 listen 80;
- server_name api.proselitigant.tech localhost;
+ server_name api.proselitigant.tech;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name api.proselitigant.tech;
+
+ ssl_certificate /etc/letsencrypt/live/proselitigant.tech/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/proselitigant.tech/privkey.pem;
 # Security headers
 add_header X-Frame-Options DENY;
diff --git a/infrastructure/nginx/conf.d/web.conf b/infrastructure/nginx/conf.d/web.conf
index 277c6e3..2b1243b 100644
--- a/infrastructure/nginx/conf.d/web.conf
+++ b/infrastructure/nginx/conf.d/web.conf
@@ -1,6 +1,15 @@
 server {
- listen 8080;
- server_name proselitigant.tech localhost;
+ listen 80;
+ server_name proselitigant.tech;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name proselitigant.tech;
+
+ ssl_certificate /etc/letsencrypt/live/proselitigant.tech/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/proselitigant.tech/privkey.pem;
 # Security headers
 add_header X-Frame-Options SAMEORIGIN;
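Review bot: The new volume `/etc/letsencrypt:/etc/letsencrypt:ro` in docker-compose.yml gives the nginx container the whole certbot tree, which normally also holds the ACME account key under `accounts/` and the renewal configuration, not just the certificate being served. nginx only needs the `live/` symlinks and the `archive/` files they point to, so `- /etc/letsencrypt/live:/etc/letsencrypt/live:ro` plus `- /etc/letsencrypt/archive:/etc/letsencrypt/archive:ro` narrows what a compromised proxy can read. Nothing in the visible hunks reloads nginx after a renewal, so the running container would presumably keep serving the old certificate until it is restarted; a renewal deploy hook on the host that reloads nginx would cover that if one is not already in place.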
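Review bot: The new `listen 443 ssl` block in api.conf sets only `ssl_certificate` and `ssl_certificate_key`; no `ssl_protocols` directive or `Strict-Transport-Security` header is visible in this hunk, and the same holds for the matching block in web.conf. Without an explicit `ssl_protocols TLSv1.2 TLSv1.3;` the accepted versions depend on the defaults of whichever nginx image is deployed, and without `add_header Strict-Transport-Security "max-age=31536000" always;` browsers keep starting later visits over plain HTTP, where the redirect can be stripped by an on-path party. The port-80 redirect in both files builds its target from `$host`, which comes from the request, and because both files now listen on 80 the first one loaded also answers unmatched names unless another file declares `default_server`; `return 301 https://api.proselitigant.tech$request_uri;` (the apex name in web.conf) keeps the target fixed. The certificate path is the `proselitigant.tech` lineage, so it is worth confirming that `api.proselitigant.tech` is among its names. The 443 server block continues past the end of the hunk, so some of these directives may already exist further down or in an included file.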