diff --git a/README.md b/README.md index 63079ad..f4252a8 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ * [Extending the base images](#extending-the-base-images) * [Applying patches](#applying-patches) * [Debugging with pdb](#pdb) +* [NGINX](#nginx) * [Known Issues](#known-issues) @@ -24,6 +25,7 @@ The non-CKAN images are as follows: * PostgreSQL: Official PostgreSQL image. Database files are stored in a named volume. * Solr: CKAN's [pre-configured Solr image](https://github.com/ckan/ckan-solr). Index data is stored in a named volume. * Redis: standard Redis image +* NGINX: latest stable nginx image The site is configured via env vars (the base CKAN image loads [ckanext-envvars](https://github.com/okfn/ckanext-envvars)), that you can set in the `.env` file. @@ -149,6 +151,10 @@ Debug with pdb (example) - Interact with `docker attach $(docker container ls -q command: `python -m pdb /usr/lib/ckan/venv/bin/ckan --config /srv/app/ckan.ini run --host 0.0.0.0 --passthrough-errors` +## NGINX + +* The base Docker Compose configuration uses an NGINX image as the front-end (ie: reverse proxy). It includes HTTPS running on port number 443. A "self-signed" SSL certificate is generated beforehand and the server certificate and key files are included. The NGINX server_name directive and the CN field in the SSL certificate have been both ser to 'localhost'. This should obviously not be used for production. + ## Known Issues * Running the tests: Running the tests for CKAN or an extension inside the container will delete your current database. We need to patch CKAN core in our image to work around that. diff --git a/ckan/Dockerfile b/ckan/Dockerfile index 1d55f71..8ece5bb 100644 --- a/ckan/Dockerfile +++ b/ckan/Dockerfile @@ -9,4 +9,4 @@ RUN echo ${TZ} > /etc/timezone # Make sure both files are not exactly the same RUN if ! [ /usr/share/zoneinfo/${TZ} -ef /etc/localtime ]; then \ cp /usr/share/zoneinfo/${TZ} /etc/localtime ;\ - fi ; \ No newline at end of file + fi ; 
diff --git a/docker-compose.yml b/docker-compose.yml index eb17dc6..d591039 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,7 +18,8 @@ services: ckan: condition: service_healthy ports: - - "0.0.0.0:81:80" + - "0.0.0.0:80:80" + - "0.0.0.0:443:443" ckan: container_name: ${CKAN_CONTAINER_NAME} diff --git a/nginx/Dockerfile b/nginx/Dockerfile index d9bfe10..8abad79 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -6,4 +6,7 @@ COPY setup/nginx.conf ${NGINX_DIR}/nginx.conf COPY setup/index.html /usr/share/nginx/html/index.html COPY setup/default.conf ${NGINX_DIR}/conf.d/ +RUN mkdir -p ${NGINX_DIR}/certs +COPY setup/ckan-local.* ${NGINX_DIR}/certs/ + EXPOSE 81 \ No newline at end of file diff --git a/nginx/setup/ckan-local.crt b/nginx/setup/ckan-local.crt new file mode 100644 index 0000000..aa662a1 --- /dev/null +++ b/nginx/setup/ckan-local.crt 
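Review bot: The two new mappings `"0.0.0.0:80:80"` and `"0.0.0.0:443:443"` publish the proxy on every host interface, yet the TLS endpoint behind them uses a localhost-only certificate whose private key is committed in this same change. For a configuration the README describes as not for production, a loopback bind such as `"127.0.0.1:80:80"` and `"127.0.0.1:443:443"` (or a bind address read from `.env`) would keep the service off the network by default. The removed line already used 0.0.0.0, so this predates the commit, but moving to the well-known ports makes the exposure easier to reach. The service definition starts above the hunk, so any other restriction on it is not visible here.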
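Review bot: `COPY setup/ckan-local.* ${NGINX_DIR}/certs/` bakes the private key into an image layer, so every copy of the image that is pushed or shared carries the same key. Mounting the certs directory at runtime (a compose volume or secret) would keep the key out of the image and let each deployment supply its own pair. Separately, the unchanged `EXPOSE 81` no longer matches the ports this commit configures in default.conf and docker-compose.yml; `EXPOSE 80 443` would document what the container actually listens on.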
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFJDCCAwwCCQCIrp/bc6dLYjANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJE +RTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xDzANBgNVBAoMBkJl +cmxpbjESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDgxNTEzMDA0NFoXDTIzMDgx +NTEzMDA0NFowVDELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UE +BwwGQmVybGluMQ8wDQYDVQQKDAZCZXJsaW4xEjAQBgNVBAMMCWxvY2FsaG9zdDCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK9VUkEY9A+aM9AXwWIS0MTQ +oiFS5p4rFlSH4UNuqRfWP7F4n+/QF/Zaky6lX7drkLGFWT7qde2ePum90YMhx/9V +WZK05PRkqER83Cv+v4YAsBmxvcvTISLczNv6yfsuQ5tggUC7dupl6Fn/yOyEuhkP +5Opon1H0SBJxALEvHnOALItdDNwqhnD+j5yCUIKG47LqKTgNp/XTTb3O8p3OSHGi +Td5DzNQQWJFNjdBfbI14+kcuHg9vrhTfaf3Wb2VMEXR3zIoZo6n7IV39rvFcnUeT +pQL9ogSLFkSbwUtCOuLhzTrm6HiHun69hBMxGli6w9AvEhEI0VvhxesNOjEbRzEh +f9ZRU3CtbAl+KC/+WHtTVG+Q6dd4CdGvIYc15SUKQw5EtbLo126oqQyumZYswMdo +KtkRPgjBXSfl01ORCIhpgqr3efxiL4mLw0sqlrixkd3GqpJ5a5+eAUYbfT4SnbB3 +4x0N1eVO0bnSSdR1AxNe5giuVCdOPNk65LIErT4ZzKGpyp+aCu1CoSgEcwzLmmbS +b8xoBViQWtow1ZZbssEAxsdN2tFbpSGhPcDgPae1qFM8lPX2wBAwD6zTSwqbhDHU +CaIMFMNX3xntzxzDmczpCuGXnY986HwLLHVOCjyxLfhAyCwSb0bP0wqVeeKoDZ4L +vFHZbFKLG99F/oq1+vQfAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAEmfSUPfvlDy +Ts2yDVQTSpilXcCtM+KeidLil17DiKUyeyHgR6Bwtw88fIXanMjh0oniAvq3pd0m +KFHARp2Jdx0MBb9IsnG2aP60s41vxumpSq4TD0FLudIkdWXYQEDpe+nh8izxBeSE +gGjfC1y8fL9BxHYOGNj6ZnscaSsK+ncEafmd3Dc500mWbT/4Z6fpui586RhS3gkf +RVh1eiPY59M9UhpROLhPSddX6deKIVKhKDhX1ot/cEDDXJwjQa8wFmlKTj14Dd+9 +U5IGUZyhSywPgqy27IB0sCn6boU+MRZiQX2yBTMe6ZzbOfnDeXll+qLz4/657VBA +ka+FPuLdJ1UgEatfM2KcLPlz8WZ5W0NIeyaaRIDsoDy9I1iSEg165ujaY028jAY6 +q4kIM8Jncfwd/5owto9WS/9A1Zs6vyVekAO3gpzzw8TZcj5RcGc5qK/rg9Esz1Ye +MnVg1gykHJlhdG9EJHh3JbdfBDbSoW6f46UU1STD0x63Jp+r+xVmF/bRmvu07BBS +0KwdD7H6Qd2zJA3Cqn0oFqrkTdf1dxrOT80wiXOnlrb8eaUvldd/LtB1qY7WcqgN +/68p0t3upZJ0OsIjky8DxAzoDz/wNDle8qojsln9La1Ykyf2BtpLX5Qw1aP2eHgI +naZCOb+gpYVf3/0d/ohxYpn66iFX/lut +-----END CERTIFICATE----- 
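Review bot: This certificate and the private key added in nginx/setup/ckan-local.key are committed as static files, so the key is known to anyone who can read the repository and gives no confidentiality or server authentication once the stack is reachable beyond the developer's own machine. Generating the pair at build time or on first container start, and keeping `ckan-local.key` out of version control, would avoid shipping one shared key to every user of the project. The encoded validity appears to run for one year from 2022-08-15, after which clients will reject the certificate until someone regenerates and recommits it. It also appears to be a version 1 certificate with only a CN and no subjectAltName, which current browsers do not accept for hostname matching even when the certificate is trusted locally.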
diff --git a/nginx/setup/ckan-local.key b/nginx/setup/ckan-local.key
new file mode 100644
index 0000000..54ee677
--- /dev/null
+++ b/nginx/setup/ckan-local.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRQIBADANBgkqhkiG9w0BAQEFAASCCS8wggkrAgEAAoICAQCvVVJBGPQPmjPQ +F8FiEtDE0KIhUuaeKxZUh+FDbqkX1j+xeJ/v0Bf2WpMupV+3a5CxhVk+6nXtnj7p +vdGDIcf/VVmStOT0ZKhEfNwr/r+GALAZsb3L0yEi3Mzb+sn7LkObYIFAu3bqZehZ +/8jshLoZD+TqaJ9R9EgScQCxLx5zgCyLXQzcKoZw/o+cglCChuOy6ik4Daf10029 +zvKdzkhxok3eQ8zUEFiRTY3QX2yNePpHLh4Pb64U32n91m9lTBF0d8yKGaOp+yFd +/a7xXJ1Hk6UC/aIEixZEm8FLQjri4c065uh4h7p+vYQTMRpYusPQLxIRCNFb4cXr +DToxG0cxIX/WUVNwrWwJfigv/lh7U1RvkOnXeAnRryGHNeUlCkMORLWy6NduqKkM +rpmWLMDHaCrZET4IwV0n5dNTkQiIaYKq93n8Yi+Ji8NLKpa4sZHdxqqSeWufngFG +G30+Ep2wd+MdDdXlTtG50knUdQMTXuYIrlQnTjzZOuSyBK0+GcyhqcqfmgrtQqEo +BHMMy5pm0m/MaAVYkFraMNWWW7LBAMbHTdrRW6UhoT3A4D2ntahTPJT19sAQMA+s +00sKm4Qx1AmiDBTDV98Z7c8cw5nM6Qrhl52PfOh8Cyx1Tgo8sS34QMgsEm9Gz9MK +lXniqA2eC7xR2WxSixvfRf6Ktfr0HwIDAQABAoICAQCadogoYVtiA29x+/uZ8wmI +2mR7BxW0cjER90M0rOC65zzllGcSVjlGBzVy+q4AYPrv6ZJeIyARXj/+nANfivsu +rnpjDIpH5AV5kKZG+/6uhxydBkE2t6GRnQO9KIuYhYF5+OLlrEFu7qhr4TOZarSo +L6B0AgeZo6N626LIdcJV7q1PeYJC1BPsp9bNAuD6nOssS65Ue3Nk1eq/NPn4nCqm +MV54WTKyAFSGbdRppidz2whifPZukuzB5rDxt2Ab1Y/rEz9Wyo+syFj0/PCKIhVN +YX0VzWxWpFHRz4XST16hUlwDcDmNNcXOshcQ8UlMsfygA1ffOe13DMfX86c4a9ei +skC9mM7ET0si/VkSRAbbwhfrYS0NNUht/kKK+2myvAl+0WKWySKzBk3UG87XgE7K +mYZ9Apsvyc/l1cWhR90Tsete74jttM0EYhZH8jF/aPSYiVDfc6Qiw6T3whc1wzIL +WOdi0jce7ZR69cUpXzTHkWGNgKZ0nmAM00LK+6AvRA1fxNzOn3lQprVtSw6pavuh +DFnGu6IR3cBjQfJEedqnRpYHupTKfYHFmQZBKou/Ss79cIBKQ/rvvUjHI3XG3tJC +NqHNHuURcUQB3fvsMf6KC5xm8envxV0GTohb70PGf8UiJ3xQB0aT1utol6Wjy9dO +hyRd/ZU2uY7whEGou9eAwQKCAQEA5sF+gi6DC2F2yNPxbcEo9dM9annt9s6sSWbi +hmgn9ekqO3NBCCycO9d6OmVPi2Tl12+yb503eNVE3P+UnlSfHVWv/oFsjLAJPmV/ +nWzFwq7wKTm7lQfO3Gr8vBx39Jx3ENMEYU1y9/hTFci+HmzqwoYnnIYO3bHOj8Uy +JkXecPfzNYu9HHZ7N4eDmuwhsHFpL7b9swsKWrVWkTFDuorpFowEmljc0VCFGRlf +WaqVms/LjczLpG6Avp+Zre/oCBtjSFeooOtmnpwwpX8f9pAiU1Gs3OrMKT/kumYu +BVkjl+73awltRwyeXf/nv3my6TiTZ605JZz/HIQzMIJ7ih3MawKCAQEAwoOsXfhI +M3pn0h06thRuhpCQ/zQUD4TXiuaxmzaMwBY7vsM066gtuZx+3cFVJF0lLFdN5M+Y 
+Hbe9aMNTnxpfos1PIl3863p+kWzKagpWIww184ZL5MOhwc0TUVX0pUJ2nSUvgr0U +69DQkwBvUU84cH2uMXa9ky2qazRdXJky4BNFsii8IGVNivL10V71EP4ojn2OTTgb +xPpkycsZtudZxZBKYM2F7dhyRcHdtXteDnA00qdpnqqT+4b4T3mGKQZC9c8dj7AV +JiK5dSiaqOE+/UXE9xFAncX7Hg5GeELBU15H5mNfQMSL3Y5SrIGtxSr6r3fSbJF6 +vX37Pik+9oNkHQKCAQEAlFfhzyi9f8x5Q2PU+hzKCzZwbgnSa+6zHUDx8Tv2LIVn +a+6M6QdcrK+6WN4WQ+NqSpP43v3v0lMwQO5hCWQXIhGa4X8sXEkyuBUh8/8gJya1 +J5uAtq7dUh/JN9kJWIxZksxFLZRPi4/tQbzaU87rIICD6IDZ/7U1uIEp2ybheDg9 +9rdNrIWScsFAXpDcm4Rc/Zqi/73iOywGabKE+uAgNilvMBZeZoVf+yGvhYI/SNW6 +4v68D4omY+VQM1xeCxAoRDJuKn0KbH62Wz4dOzGvj2abPS4Ib6Aul5HmlfOXCS5L +ilj2Ek3PZViFEDfZR0rioCzg5whFjHyEN/Q6HTFI3wKCAQEAgaI5lOLsU4qHeKvM +Ph79zia4y6xMlk8lS0gWI+hGA5qNtMPqGAgceTBICMhZUwPUy2lf21dS/LNAw3ox +174+8IQ98hyLe/BGO+syN1uuLmtr5WGiYNLUkhF3h2RuyFi0LmTi9hHHyKWA7AeF +KL5QUgAgwIxvKZBsnEfo1Naw5k9RyruFLV32QN1NYH0VfH62Tsh0txfmwe9Sjn4S +JCipVpakS0GNuYbgGYdrmBChDaRQP/gc1wa92wsHoAfQlrS6mZGwFNv4LFNGIEOw +V07OqQL/kt1nn/6bLlu7MVjj+QjDiFK/361dvYmlpZxDUD0llx2XGo4WLAWzFKlu +ceH9LQKCAQEA2gzqZpZHtZQCN8spL5McTCY+uDdkyCHF8DE9e2Pd8DR6uACIGm5a ++29d5yXZEJPmWqxhMNoGAJI7XA+xkALYcKchrpLKqUBPBRzzH3jmUFcB3kRNbLek +cohLTWGcqkP8KAhpTtIGVgFAJ1Gsu5DWnwolVaC3TqdtbUSUCoDI9iI/UYQHBot9 +FAbXKJ3SUtKZdpOmCoMnErn+KXj5B2CHyHXVH5QMp7mX6MZHpuXb/jtI/Cp/HQ/R +COnLAucndNeLWZ08NNIs3tfXStav6YnA1KLWBA0SEA8taXEgTGGB0KZoTG4+czri +3NZYHoZNqp79Kl0T6Y0VWI/CpXCS7kgT9A== +-----END PRIVATE KEY----- diff --git a/nginx/setup/default.conf b/nginx/setup/default.conf index 2af6993..17e9cc1 100644 --- a/nginx/setup/default.conf +++ b/nginx/setup/default.conf @@ -1,7 +1,11 @@ server { listen 80; listen [::]:80; + listen 443 ssl; + listen [::]:443 ssl; server_name localhost; + ssl_certificate /etc/nginx/certs/ckan-local.crt; + ssl_certificate_key /etc/nginx/certs/ckan-local.key; #access_log /var/log/nginx/host.access.log main;
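Review bot: In the default.conf hunk, `listen 443 ssl;` is added to the same server block that keeps `listen 80;`, so the site is still served in cleartext and login cookies or API keys sent over port 80 get no protection from this change. Consider moving the port 80 listeners into their own server block that only issues `return 301 https://$host$request_uri;`. The TLS settings are also left to the image defaults; an explicit `ssl_protocols TLSv1.2 TLSv1.3;` next to the `ssl_certificate` lines would make the accepted protocol versions independent of which nginx image is pulled. The rest of the server block lies outside the hunk, so a redirect or protocol setting further down cannot be ruled out.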