diff --git a/config.yml b/config.yml
index 4cb4eae..06d8321 100644
--- a/config.yml
+++ b/config.yml
@@ -25,6 +25,15 @@ http:
   # Enable or disable git operations (clone, pull, push) via HTTP (either `true` or `false`). Default: true
   git-enabled: true
 
+  # Enable or disable TLS (either `true` or `false`). Default: false
+  tls-enabled: false
+
+  # Path to the TLS certificate file if TLS is enabled
+  cert-file:
+
+  # Path to the TLS key file if TLS is enabled
+  key-file:
+
 # SSH built-in server configuration
 # Note: it is not using the SSH daemon from your machine (yet)
 ssh:
diff --git a/internal/config/config.go b/internal/config/config.go
index feac8ea..443988a 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -19,10 +19,13 @@ type config struct {
 	LogLevel      string `yaml:"log-level"`
 
 	HTTP struct {
-		Host   string `yaml:"host"`
-		Port   string `yaml:"port"`
-		Domain string `yaml:"domain"`
-		Git    bool   `yaml:"git-enabled"`
+		Host       string `yaml:"host"`
+		Port       string `yaml:"port"`
+		Domain     string `yaml:"domain"`
+		Git        bool   `yaml:"git-enabled"`
+		TLSEnabled bool   `yaml:"tls-enabled"`
+		CertFile   string `yaml:"cert-file"`
+		KeyFile    string `yaml:"key-file"`
 	} `yaml:"http"`
 
 	SSH struct {
@@ -51,6 +54,8 @@ func configWithDefaults() (*config, error) {
 	c.HTTP.Domain = "localhost"
 	c.HTTP.Git = true
 
+	c.HTTP.TLSEnabled = false
+
 	c.SSH.Enabled = true
 	c.SSH.Host = "0.0.0.0"
 	c.SSH.Port = "2222"
diff --git a/internal/web/run.go b/internal/web/run.go
index dfa6045..68f6e78 100644
--- a/internal/web/run.go
+++ b/internal/web/run.go
@@ -102,7 +102,7 @@ func Start() {
 		}
 	}
 
-	e.Use(basicInit)
+	e.Use(sessionInit)
 
 	e.Validator = NewValidator()
 
@@ -168,16 +168,23 @@ func Start() {
 	// Git HTTP routes
 	if config.C.HTTP.Git {
 		e.Any("/:user/:gistname/*", gitHttp, gistInit)
-		debugStr = " (with Git HTTP support)"
+		debugStr = " (with Git over HTTP)"
 	}
 
 	e.Any("/*", noRouteFound)
 
 	addr := config.C.HTTP.Host + ":" + config.C.HTTP.Port
-	log.Info().Msg("Starting HTTP server on http://" + addr + debugStr)
 
-	if err := e.Start(addr); err != nil {
-		log.Fatal().Err(err).Msg("Failed to start HTTP server")
+	if config.C.HTTP.TLSEnabled {
+		log.Info().Msg("Starting HTTPS server on https://" + addr + debugStr)
+		if err := e.StartTLS(addr, config.C.HTTP.CertFile, config.C.HTTP.KeyFile); err != nil {
+			log.Fatal().Err(err).Msg("Failed to start HTTPS server")
+		}
+	} else {
+		log.Info().Msg("Starting HTTP server on http://" + addr + debugStr)
+		if err := e.Start(addr); err != nil {
+			log.Fatal().Err(err).Msg("Failed to start HTTP server")
+		}
 	}
 }
 
@@ -186,14 +193,14 @@ func dataInit(next echo.HandlerFunc) echo.HandlerFunc {
 		ctxValue := context.WithValue(ctx.Request().Context(), "data", echo.Map{})
 		ctx.SetRequest(ctx.Request().WithContext(ctxValue))
 		setData(ctx, "loadStartTime", time.Now())
+		setData(ctx, "signupDisabled", config.C.DisableSignup)
+
 		return next(ctx)
 	}
 }
 
-func basicInit(next echo.HandlerFunc) echo.HandlerFunc {
+func sessionInit(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(ctx echo.Context) error {
-		setData(ctx, "signupDisabled", config.C.DisableSignup)
-
 		sess := getSession(ctx)
 		if sess.Values["user"] != nil {
 			user := &models.User{ID: sess.Values["user"].(uint)}