diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8c81f23..e857cb6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -88,13 +88,17 @@ jobs:
 -e MS_TENANT_ID="${{ secrets.CONTAINER_MS_TENANT_ID }}" \
 -e SELF_EMAIL="${{ secrets.CONTAINER_SELF_EMAIL }}" \
 -e PORT="${{ secrets.CONTAINER_INTERNAL_PORT }}" \
+ -e TLS_ENABLED="${{ secrets.CONTAINER_TLS_ENABLED }}" \
+ -e TLS_CERT_PATH="${{ secrets.CONTAINER_INTERNAL_TLS_CERTS_DIR }}/cert.pem" \
+ -e TLS_KEY_PATH="${{ secrets.CONTAINER_INTERNAL_TLS_CERTS_DIR }}/key.pem" \
+ -v ${{ secrets.CONTAINER_EXTERNAL_TLS_CERTS_DIR }}:${{ secrets.CONTAINER_INTERNAL_TLS_CERTS_DIR }}/:Z \
 --name "${{ secrets.CONTAINER_NAME }}" \
 ${{ steps.meta.outputs.tags }}
 set -o history
 - name: Check service health
 uses: jtalk/url-health-check-action@v2
 with:
- url: http://${{ secrets.SSH_HOST }}/health
+ url: https://${{ secrets.SSH_HOST }}/health
 follow-redirect: false
 max-attempts: 5
 retry-delay: 5s
diff --git a/.gitignore b/.gitignore
index b893983..c997a07 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,4 @@ yarn-error.log*
 portfolio-website
 model/metadataitemtype_enumer.go
 server
+certs/*
diff --git a/server.go b/server.go
index f790e3c..de658db 100644
--- a/server.go
+++ b/server.go
@@ -112,5 +112,10 @@ func main() {
 go worker.KeepAlive(time.Minute)
 }
- _ = g.Run(PORT)
+ tlsEnabled := os.Getenv("TLS_ENABLED")
+ if tlsEnabled == "true" || tlsEnabled == "1" {
+ _ = g.RunTLS(PORT, os.Getenv("TLS_CERT_PATH"), os.Getenv("TLS_KEY_PATH"))
+ } else {
+ _ = g.Run(PORT)
+ }
 }
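Review bot: The added `-v` line mounts the directory holding `key.pem` read-write and unquoted, unlike the quoted `-e` and `--name` arguments around it. The container only needs to read the certificate and key, so `-v "${{ secrets.CONTAINER_EXTERNAL_TLS_CERTS_DIR }}:${{ secrets.CONTAINER_INTERNAL_TLS_CERTS_DIR }}:ro,Z" \` would keep a compromised server process from replacing them. `:Z` applies a private SELinux label to the host directory, so it is worth confirming that no other container needs to read the same path. The health check is now `https://` unconditionally while TLS is toggled by `CONTAINER_TLS_ENABLED`, so the step will fail whenever that secret is not `true` or `1`, and it presumably also needs the certificate to validate for `SSH_HOST`. The `docker run` command starts above the hunk, so the port mapping that must now reach the TLS listener is not visible here.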
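Review bot: Any `TLS_ENABLED` value other than the exact strings `true` or `1` (for example `True`, `TRUE` or `yes`) silently falls back to plaintext `g.Run(PORT)`, so a typo in the deployment secret downgrades the service to HTTP with no signal. Both calls also discard their error with `_ =`, so a missing or unreadable `TLS_CERT_PATH` / `TLS_KEY_PATH` makes `main` return without any diagnostic. I would parse the flag with `strconv.ParseBool`, refuse to start on an unrecognised value, and log the listener error before exiting, as sketched below. This assumes `log` and `strconv` are, or can be, imported in `server.go`; `main` begins above the hunk, so whether an `err` variable is already in scope is not visible here.

```go
// … unchanged: worker.KeepAlive block above …
tlsEnabled := false
if v := os.Getenv("TLS_ENABLED"); v != "" {
	parsed, err := strconv.ParseBool(v)
	if err != nil {
		// Fail closed: an unrecognised value must not mean "serve plaintext".
		log.Fatalf("invalid TLS_ENABLED value %q: %v", v, err)
	}
	tlsEnabled = parsed
}

var serveErr error
if tlsEnabled {
	serveErr = g.RunTLS(PORT, os.Getenv("TLS_CERT_PATH"), os.Getenv("TLS_KEY_PATH"))
} else {
	serveErr = g.Run(PORT)
}
if serveErr != nil {
	log.Fatalf("server exited: %v", serveErr)
}
```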