diff --git a/README.md b/README.md
index 39aea1f..2a70bf0 100644
--- a/README.md
+++ b/README.md
@@ -86,4 +86,25 @@ Done. You should now be able to open the Grafana dashboard on Port 3000 of your
 ## Multiple Nodes
-It is possible to monitor multiple (Mikrotik) devices. Just change add as many devices to `mktxp/mktxp.conf` as you want.
\ No newline at end of file
+It is possible to monitor multiple (Mikrotik) devices. Just change add as many devices to `mktxp/mktxp.conf` as you want.
+
+## HTTPS
+
+It is also possible to access the Grafana Dashboard over HTTPS.
+Depending on your security requirements and/or threat model it might be a good idea to enable HTTPS.
+
+Generate a self signed certificate for your domain:
+
+`sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./nginx/nginx-selfsigned.key -out ./nginx/nginx-selfsigned.crt`
+
+This command generates two files:
+- the private key: `./nginx/nginx-selfsigned.key`
+- the certificate file `./nginx/nginx-selfsigned.crt`
+
+Both files need to be mapped as a volume to `/etc/nginx/ssl/`.
+
+Then you also need to adjust the `docker-compose.yml` file:
+- comment the line `./nginx/nginx.conf:/etc/nginx/conf.d/default.conf`
+- and uncomment the four lines below
+
+Finally you need to adjust the `nginx/nginx.conf.https` and adjust the `server_name` to your domain.
diff --git a/docker-compose.yml b/docker-compose.yml
index 23c2b0c..5678a8e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -38,9 +38,6 @@ services:
 - GF_USERS_ALLOW_SIGN_UP=false
 - GF_INSTALL_PLUGINS=flant-statusmap-panel
 restart: unless-stopped
- ports:
- - 3000:3000
- - 80:3000
 networks:
 - default
 labels:
@@ -55,4 +52,20 @@ services:
 networks:
 - default
 restart: unless-stopped
+
+ nginx:
+ image: nginx:latest
+ container_name: nginx
+ volumes:
+ - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
+ # Uncomment the four lines below to enable HTTPS
+ # - ./nginx/nginx.conf.https:/etc/nginx/conf.d/default.conf
+ # - ./nginx/nginx-selfsigned.key:/etc/nginx/ssl/nginx-selfsigned.key
+ # - ./nginx/nginx-selfsigned.crt:/etc/nginx/ssl/nginx-selfsigned.crt
+ # - ./nginx/self-signed.conf:/etc/nginx/ssl/self-signed.conf
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ - default
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..448fa20
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,9 @@
+server {
+ listen 80;
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+
+ location / {
+ proxy_pass http://grafana:3000/;
+ }
+}
diff --git a/nginx/nginx.conf.https b/nginx/nginx.conf.https
new file mode 100644
index 0000000..337a05f
--- /dev/null
+++ b/nginx/nginx.conf.https
@@ -0,0 +1,22 @@
+server {
+ listen 80;
+
+ server_name 192.168.0.10;
+
+ # Your domain
+ return 302 https://192.168.0.10;
+
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ include ssl/self-signed.conf;
+
+ # Your domain
+ server_name 192.168.0.10;
+
+ location / {
+ proxy_pass http://grafana:3000/;
+ }
+}
diff --git a/nginx/self-signed.conf b/nginx/self-signed.conf
new file mode 100644
index 0000000..2f00ed0
--- /dev/null
+++ b/nginx/self-signed.conf
@@ -0,0 +1,2 @@
+ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
+ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
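Review bot: In the new `nginx` service of docker-compose.yml, `image: nginx:latest` is a mutable tag, so the proxy that now fronts Grafana (and terminates TLS once HTTPS is enabled) can change on any pull without a change to this repository; pin a release tag or digest, e.g. `image: nginx:<pinned-version>` (placeholder). The commented key and certificate mounts would be better read-only once enabled, e.g. `- ./nginx/nginx-selfsigned.key:/etc/nginx/ssl/nginx-selfsigned.key:ro`, since the container only needs to read them. The service also has no `restart: unless-stopped`, unlike the service just above it in the hunk, and with Grafana's own `ports:` removed earlier in this file it is the only published entry point.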
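Review bot: The `location /` block in nginx/nginx.conf proxies to Grafana without forwarding the client's Host header, so Grafana sees `grafana:3000` as the request host, and its origin check on state-changing requests may then reject logins or saves. Adding `proxy_set_header Host $host;` before `proxy_pass` addresses that, and the same applies to the `listen 443 ssl` server block in nginx/nginx.conf.https. Grafana Live uses WebSockets, which this config does not upgrade, so a separate `location /api/live/` with `proxy_http_version 1.1;` and the Upgrade and Connection headers is probably needed as well. The `root` and `index` directives have no effect here because every request is proxied, and could be dropped.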
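Review bot: In the port-80 server block of nginx/nginx.conf.https, `return 302 https://192.168.0.10;` sends every plain-HTTP request to the site root of a hard-coded address, which drops the requested path and leaves a second value to edit besides `server_name`. `return 301 https://$server_name$request_uri;` keeps the path and takes the name from the one directive the README tells users to change, without reflecting a client-supplied Host header. The `# Your domain` comment in that block sits above `return` rather than above `server_name`, so moving it (or wording it as `# Replace with your domain or IP`) would make the instruction harder to apply only halfway.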
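Review bot: nginx/self-signed.conf sets only the certificate and key paths, so the accepted TLS versions and ciphers are whatever the running nginx build defaults to, and with the image tag unpinned in docker-compose.yml that default is not fixed by this repository. Stating the floor here, `ssl_protocols TLSv1.2 TLSv1.3;`, makes the policy explicit and reviewable. A header comment such as `# Self-signed pair generated by the openssl command in README.md; keep the .key file out of version control` would also help, since the README command writes the private key into the repository's `nginx/` directory and no ignore rule for it is visible in this diff.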