diff --git a/data/network.nix b/data/network.nix
index be5ce05..f3e3a85 100644
--- a/data/network.nix
+++ b/data/network.nix
@@ -64,10 +64,7 @@ rec {
       ip = ips.pi;
       reverse_proxy = {
         port = 6167;
-        extraConfig = {
-          enableACME = true;
-          forceSSL = true;
-        };
+        ssl = true;
       };
       domainOverride = "v2202603344638441294.bestsrv.de";
     };
diff --git a/services/nginx.nix b/services/nginx.nix
index c6a293a..c02ac91 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -21,6 +21,13 @@ let
     myExtraConfig = if service.reverse_proxy ? extraConfig
         then service.reverse_proxy.extraConfig
         else {};
+    sslConfig = if service.reverse_proxy ? ssl && service.reverse_proxy.ssl
+        then {
+          enableACME = true;
+          forceSSL = true;
+          listen = [ {addr = "0.0.0.0"; port = 443;} ];
+        }
+        else {};
   in
     {
       serverName = "${domain}";
@@ -30,7 +37,7 @@ let
         allow ${network.network.subnet};
         deny all;
       '';
-    } // serverAlias // myExtraConfig;
+    } // serverAlias // sslConfig // myExtraConfig;
   rproxyServices = builtins.mapAttrs (virtualHostFn) network.reverse_proxy;
   serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy);
   fallback = {