diff --git a/.env b/.env
index de18205..cc28beb 100644
--- a/.env
+++ b/.env
@@ -1,5 +1,8 @@
 VERSIA_PORT=8443
 
+#VERSIA_TLS_KEY=
+#VERSIA_TLS_CERT=
+
 PUBLIC_ADDRESS=https://localhost
 INSTANCE_NAME=lysand-test
 INSTANCE_DESCRIPTION=Versia-Go Instance
diff --git a/compose.yml b/compose.yml
index a6af974..d437d22 100644
--- a/compose.yml
+++ b/compose.yml
@@ -25,44 +25,28 @@ services:
     <<: *versia-default
     hostname: lysand-test.i.devminer.xyz
     volumes:
-      - /etc/ssl/certs:/etc/ssl/certs:ro
-      - /etc/ca-certificates/extracted:/etc/ca-certificates/extracted
-      - type: bind
-        source: ./key.pem
-        target: /app/key.pem
-      - type: bind
-        source: ./cert.pem
-        target: /app/cert.pem
       - type: bind
         source: ./1.db
         target: /app/test.db
     environment:
-      VERSIA_PORT: 8443
+      VERSIA_PORT: 8080
       NATS_URI: nats://nats:4222
-      PUBLIC_ADDRESS: https://lysand-test.i.devminer.xyz:8443
+      PUBLIC_ADDRESS: https://lysand-test.i.devminer.xyz:8080
       NATS_STREAM_NAME: versia-go-1
     ports:
-      - "8443:8443"
+      - "8080:8080"
 
   versia-2:
     <<: *versia-default
     hostname: lysand-test-2.i.devminer.xyz
     volumes:
-      - /etc/ssl/certs:/etc/ssl/certs:ro
-      - /etc/ca-certificates/extracted:/etc/ca-certificates/extracted
-      - type: bind
-        source: ./key2.pem
-        target: /app/key.pem
-      - type: bind
-        source: ./cert2.pem
-        target: /app/cert.pem
       - type: bind
         source: ./2.db
         target: /app/test.db
     environment:
-      VERSIA_PORT: 8444
+      VERSIA_PORT: 8081
       NATS_URI: nats://nats:4222
-      PUBLIC_ADDRESS: https://lysand-test-2.i.devminer.xyz:8444
+      PUBLIC_ADDRESS: https://lysand-test-2.i.devminer.xyz:8081
       NATS_STREAM_NAME: versia-go-2
     ports:
-      - "8444:8444"
+      - "8081:8081"
diff --git a/config/config.go b/config/config.go
index 7c56cab..ef8c315 100644
--- a/config/config.go
+++ b/config/config.go
@@ -11,7 +11,9 @@ import (
 )
 
 type Config struct {
-	Port int
+	Port    int
+	TLSKey  *string
+	TLSCert *string
 
 	PublicAddress  *url.URL
 	Host           string
@@ -48,8 +50,17 @@ func Load() {
 		}
 	}
 
+	tlsKey := optionalEnvStr("VERSIA_TLS_KEY")
+	tlsCert := optionalEnvStr("VERSIA_TLS_CERT")
+	if (tlsKey != nil && tlsCert == nil) || (tlsKey == nil && tlsCert != nil) {
+		log.Fatal().
+			Msg("Both VERSIA_TLS_KEY and VERSIA_TLS_CERT have to be set if you want to use in-process TLS termination.")
+	}
+
 	C = Config{
-		Port: getEnvInt("VERSIA_PORT", 80),
+		Port:    getEnvInt("VERSIA_PORT", 80),
+		TLSCert: tlsCert,
+		TLSKey:  tlsKey,
 
 		PublicAddress:  publicAddress,
 		Host:           publicAddress.Host,
diff --git a/main.go b/main.go
index 9f0fa9f..a80fb4f 100644
--- a/main.go
+++ b/main.go
@@ -215,7 +215,16 @@ func main() {
 		defer wg.Done()
 
 		log.Debug().Msg("Starting server")
-		if err := web.ListenTLS(fmt.Sprintf(":%d", config.C.Port), "cert.pem", "key.pem"); err != nil {
+
+		addr := fmt.Sprintf(":%d", config.C.Port)
+
+		var err error
+		if config.C.TLSKey != nil {
+			err = web.ListenTLS(addr, *config.C.TLSCert, *config.C.TLSKey)
+		} else {
+			err = web.Listen(addr)
+		}
+		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to start server")
 		}
 	}()