diff --git a/Dockerfile b/Dockerfile
index f84e108..3021e4e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,7 +29,11 @@ ENV EW_USERNAME=admin \
     EW_PASSWORD=admin \
     EW_DB=/data/machines.json \
     EW_PRODUCTIVE=true \
-    EW_FORCEINSECURECOOKIE=false
+    EW_FORCEINSECURECOOKIE=false \
+    HTTP_PORT=8080 \
+    HTTP_TLS=false \
+    HTTP_TLS_CERTIFICATE=./server-cert.pem \
+    HTTP_TLS_PRIVATEKEY=./server-key.pem
 
 
 ENTRYPOINT ["/bin/edgewol"]
\ No newline at end of file
diff --git a/main.go b/main.go
index d875d00..9b4272a 100644
--- a/main.go
+++ b/main.go
@@ -41,10 +41,14 @@ import (
 )
 
 var (
-	username       = GetENV("EW_USERNAME", "root")
-	password       = GetENV("EW_PASSWORD", "root")
-	productive     = Enabled("EW_PRODUCTIVE", false)
-	hashedPassword = ""
+	HTTP_PORT            string = "8080"
+	HTTP_TLS             bool   = false
+	HTTP_TLS_PRIVATEKEY  string = ""
+	HTTP_TLS_CERTIFICATE string = ""
+	username                    = GetENV("EW_USERNAME", "root")
+	password                    = GetENV("EW_PASSWORD", "root")
+	productive                  = Enabled("EW_PRODUCTIVE", false)
+	hashedPassword              = ""
 )
 
 var (
@@ -191,6 +195,11 @@ func main() {
 		dbPath = "./machines.json"
 	}
 
+	HTTP_PORT = GetENV("HTTP_PORT", "8080")
+	HTTP_TLS = Enabled("HTTP_TLS", true)
+	HTTP_TLS_CERTIFICATE = GetENV("HTTP_TLS_CERTIFICATE", "./server-cert.pem")
+	HTTP_TLS_PRIVATEKEY = GetENV("HTTP_TLS_PRIVATEKEY", "./server-key.pem")
+
 	loadMachines()
 
 	// Save on SIGINT/SIGTERM.
@@ -315,15 +324,18 @@ func main() {
 	http.HandleFunc("/add", addHandler)
 	http.HandleFunc("/remove", removeHandler)
 
-	addr := os.Getenv("LISTEN")
-	if addr == "" {
-		addr = ":8080"
+	if HTTP_TLS {
+		log.Printf("WoL server listening on %s (DB: %s)", ":"+HTTP_PORT, dbPath)
+		if err := http.ListenAndServeTLS(":"+HTTP_PORT, HTTP_TLS_CERTIFICATE, HTTP_TLS_PRIVATEKEY, nil); err != nil {
+			log.Fatalf("http server error: %v", err)
+		}
+	} else {
+		log.Printf("WoL server listening on %s (DB: %s)", ":"+HTTP_PORT, dbPath)
+		if err := http.ListenAndServe(":"+HTTP_PORT, nil); err != nil {
+			log.Fatalf("http server error: %v", err)
+		}
 	}
 
-	log.Printf("WoL server listening on %s (DB: %s)", addr, dbPath)
-	if err := http.ListenAndServe(addr, nil); err != nil {
-		log.Fatalf("http server error: %v", err)
-	}
 }
 
 // ========= persistence =========