diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts
index 8966bc0e4..4885eec98 100644
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -57,7 +57,9 @@ export const orgs = pgTable("orgs", {
     settingsLogRetentionDaysAction: integer("settingsLogRetentionDaysAction") // where 0 = dont keep logs and -1 = keep forever and 9001 = end of the following year
         .notNull()
         .default(0),
-    settingsLogRetentionDaysConnection: integer("settingsLogRetentionDaysConnection") // where 0 = dont keep logs and -1 = keep forever and 9001 = end of the following year
+    settingsLogRetentionDaysConnection: integer(
+        "settingsLogRetentionDaysConnection"
+    ) // where 0 = dont keep logs and -1 = keep forever and 9001 = end of the following year
         .notNull()
         .default(0),
     sshCaPrivateKey: text("sshCaPrivateKey"), // Encrypted SSH CA private key (PEM format)
@@ -101,7 +103,9 @@ export const sites = pgTable("sites", {
     lastHolePunch: bigint("lastHolePunch", { mode: "number" }),
     listenPort: integer("listenPort"),
     dockerSocketEnabled: boolean("dockerSocketEnabled").notNull().default(true),
-    status: varchar("status").$type<"pending" | "approved">().default("approved")
+    status: varchar("status")
+        .$type<"pending" | "approved">()
+        .default("approved")
 });
 
 export const resources = pgTable("resources", {
@@ -230,7 +234,8 @@ export const siteResources = pgTable("siteResources", {
         .references(() => orgs.orgId, { onDelete: "cascade" }),
     niceId: varchar("niceId").notNull(),
     name: varchar("name").notNull(),
-    mode: varchar("mode").$type<"host" | "cidr" | "http" | "https">().notNull(), // "host" | "cidr" | "http" | "https"
+    ssl: boolean("ssl").notNull().default(false),
+    mode: varchar("mode").$type<"host" | "cidr" | "http">().notNull(), // "host" | "cidr" | "http"
     scheme: varchar("scheme").$type<"http" | "https">(), // only for when we are doing https or http mode
     proxyPort: integer("proxyPort"), // only for port mode
     destinationPort: integer("destinationPort"), // only for port mode
diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts
index 6205d0179..7b31460f6 100644
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -54,7 +54,9 @@ export const orgs = sqliteTable("orgs", {
     settingsLogRetentionDaysAction: integer("settingsLogRetentionDaysAction") // where 0 = dont keep logs and -1 = keep forever and 9001 = end of the following year
         .notNull()
         .default(0),
-    settingsLogRetentionDaysConnection: integer("settingsLogRetentionDaysConnection") // where 0 = dont keep logs and -1 = keep forever and 9001 = end of the following year
+    settingsLogRetentionDaysConnection: integer(
+        "settingsLogRetentionDaysConnection"
+    ) // where 0 = dont keep logs and -1 = keep forever and 9001 = end of the following year
         .notNull()
         .default(0),
     sshCaPrivateKey: text("sshCaPrivateKey"), // Encrypted SSH CA private key (PEM format)
@@ -258,7 +260,8 @@ export const siteResources = sqliteTable("siteResources", {
         .references(() => orgs.orgId, { onDelete: "cascade" }),
     niceId: text("niceId").notNull(),
     name: text("name").notNull(),
-    mode: text("mode").$type<"host" | "cidr" | "http" | "https">().notNull(), // "host" | "cidr" | "http" | "https"
+    ssl: integer("ssl", { mode: "boolean" }).notNull().default(false),
+    mode: text("mode").$type<"host" | "cidr" | "http">().notNull(), // "host" | "cidr" | "http"
     scheme: text("scheme").$type<"http" | "https">(), // only for when we are doing https or http mode
     proxyPort: integer("proxyPort"), // only for port mode
     destinationPort: integer("destinationPort"), // only for port mode
diff --git a/server/routers/siteResource/createSiteResource.ts b/server/routers/siteResource/createSiteResource.ts
index 437643be4..99db6810e 100644
--- a/server/routers/siteResource/createSiteResource.ts
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -36,7 +36,8 @@ const createSiteResourceParamsSchema = z.strictObject({
 const createSiteResourceSchema = z
     .strictObject({
         name: z.string().min(1).max(255),
-        mode: z.enum(["host", "cidr", "http", "https"]),
+        mode: z.enum(["host", "cidr", "http"]),
+        ssl: z.boolean().optional(), // only used for http mode
         siteId: z.int(),
         scheme: z.enum(["http", "https"]).optional(),
         // proxyPort: z.int().positive().optional(),
@@ -64,8 +65,7 @@ const createSiteResourceSchema = z
         (data) => {
             if (
                 data.mode === "host" ||
-                data.mode == "http" ||
-                data.mode == "https"
+                data.mode == "http"
             ) {
                 if (data.mode == "host") {
                     // Check if it's a valid IP address using zod (v4 or v6)
@@ -172,6 +172,7 @@ export async function createSiteResource(
             destinationPort,
             destination,
             enabled,
+            ssl,
             alias,
             userIds,
             roleIds,
@@ -262,7 +263,7 @@ export async function createSiteResource(
 
         const niceId = await getUniqueSiteResourceName(orgId);
         let aliasAddress: string | null = null;
-        if (mode === "host" || mode === "http" || mode === "https") {
+        if (mode === "host" || mode === "http") {
             aliasAddress = await getNextAvailableAliasAddress(orgId);
         }
 
@@ -275,6 +276,7 @@ export async function createSiteResource(
                 orgId,
                 name,
                 mode,
+                ssl,
                 destination,
                 scheme,
                 destinationPort,
diff --git a/server/routers/siteResource/updateSiteResource.ts b/server/routers/siteResource/updateSiteResource.ts
index 22e57383c..bb0239478 100644
--- a/server/routers/siteResource/updateSiteResource.ts
+++ b/server/routers/siteResource/updateSiteResource.ts
@@ -51,7 +51,8 @@ const updateSiteResourceSchema = z
             )
             .optional(),
         // mode: z.enum(["host", "cidr", "port"]).optional(),
-        mode: z.enum(["host", "cidr", "http", "https"]).optional(),
+        mode: z.enum(["host", "cidr", "http"]).optional(),
+        ssl: z.boolean().optional(),
         scheme: z.enum(["http", "https"]).nullish(),
         // proxyPort: z.int().positive().nullish(),
         destinationPort: z.int().positive().nullish(),
@@ -78,8 +79,7 @@ const updateSiteResourceSchema = z
         (data) => {
             if (
                 (data.mode === "host" ||
-                    data.mode == "http" ||
-                    data.mode == "https") &&
+                    data.mode == "http") &&
                 data.destination
             ) {
                 if (data.mode == "host") {
@@ -186,6 +186,7 @@ export async function updateSiteResource(
             destination,
             destinationPort,
             alias,
+            ssl,
             enabled,
             userIds,
             roleIds,
@@ -356,6 +357,7 @@ export async function updateSiteResource(
                         niceId,
                         mode,
                         scheme,
+                        ssl,
                         destination,
                         destinationPort,
                         enabled,
@@ -461,6 +463,7 @@ export async function updateSiteResource(
                         siteId: siteId,
                         mode: mode,
                         scheme,
+                        ssl,
                         destination: destination,
                         destinationPort: destinationPort,
                         enabled: enabled,