diff --git a/Dockerfile b/Dockerfile
index 76ced4b..d4fe87e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -56,16 +56,30 @@ VOLUME /tmp/roundcube-temp
 # launch and configure Unit
 RUN \
+# generate self-signed certificate
+ mkdir -p /ssl; \
+ openssl genpkey -algorithm RSA -out /ssl/key.pem -pkeyopt rsa_keygen_bits:4096; \
+ chmod 600 /ssl/key.pem; \
+ openssl rsa -pubout -in /ssl/key.pem -out /ssl/cert.pem; \
+ cat /ssl/cert.pem /ssl/key.pem > /ssl/bundle.pem; \
+ chmod 600 /ssl/bundle.pem; \
+# create mock index files for configuring unit
 [ -d /var/www/html/public_html ] || { \
 mkdir -p /var/www/html/public_html /var/www/html/public_html.remove; \
 }; \
 [ -f /var/www/html/public_html/index.php ] || { \
 touch /var/www/html/public_html/index.php /var/www/html/public_html/index.php.remove; \
 }; \
- unitd --control unix:/var/run/control.unit.sock \
- && curl -X PUT --data-binary \
+# configure unit
+ unitd --control unix:/var/run/control.unit.sock; \
+ curl -X PUT --data-binary @/ssl/bundle.pem --unix-socket \
+ /var/run/control.unit.sock http://localhost/certificates/default; \
+ curl -X PUT --data-binary \
 '{ \
- "listeners": { "*:9000": { "pass": "routes" } }, \
+ "listeners": { \
+ "*:9080": { "pass": "routes" }, \
+ "*:9443": { "pass": "routes", "tls": { "certificates": "default" } } \
+ }, \
 "routes": [ \
 { "match": { "uri": "/plugins/*.php" }, "action": { "pass": "applications/direct_php" } }, \
 { "match": { "uri": "/skins/*" }, "action": { "share": "/var/www/html/public_html" } }, \
@@ -99,6 +113,7 @@ RUN \
 rm -rf /var/www/html/public_html /var/www/html/public_html.remove; \
 }
+
 WORKDIR /var/www/html
 EXPOSE 9000
 ENTRYPOINT ["/docker-entrypoint.sh"]
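Review bot: The block commented "generate self-signed certificate" in the first hunk never creates a certificate: `openssl rsa -pubout` writes only the bare public key to /ssl/cert.pem, so bundle.pem is a public key plus the private key and Unit will most likely reject it at /certificates/default; `openssl req -x509 -new -key /ssl/key.pem -out /ssl/cert.pem -days <DAYS> -subj "/CN=<HOSTNAME>"` would produce one. With the commands now joined by `;` and curl called without `--fail`, that rejection would not stop the build unless the shell already runs with `-e`, so I would keep `&&` after the unitd line and add `--fail` to both curl calls. Generating the key in a RUN step also stores it in an image layer, so every container started from this image shares one private key that anyone who can pull the image can read; creating it in the entrypoint or mounting it at runtime avoids that. The listeners move to 9080 and 9443 while the `EXPOSE 9000` visible in the second hunk's context is left as it was. The RUN instruction continues past the end of this hunk, so the rest of the Unit configuration is not visible here.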