diff --git a/Makefile b/Makefile
index e17ea04..eab35ff 100644
--- a/Makefile
+++ b/Makefile
@@ -20,4 +20,4 @@ image:
 	@docker build -t dlabs/testserver:latest .
 
 certs:
-	@echo "Not implemented"
+	@openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/vagrant/test-devops/crt/testserver.lan.key -out /home/vagrant/test-devops/crt/testserver.lan.crt
diff --git a/build b/build
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose.yml b/docker-compose.yml
index 14d6b03..9945318 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,4 @@
-version: "2.2"
+version: "2.0"
 
 services:
   loadbalancer:
diff --git a/entrypoint.sh b/entrypoint.sh
index 8a74ff9..6dd37bd 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,3 +1,4 @@
 #!/bin/bash
+eval $(cat .env | xargs echo export)
 
-/usr/local/bin/testserver
+exec /usr/local/bin/testserver -address 0.0.0.0 -ca-file /crt/ca.pem -cert-file /crt/testserver.pem -key-file /crt/testserver-key.pem
diff --git a/env-script.sh b/env-script.sh
new file mode 100644
index 0000000..ce53b8f
--- /dev/null
+++ b/env-script.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+. ./.env
+cat .env | while read line; do
+	echo $line
+done
diff --git a/nginx.conf b/nginx.conf
index 5de003b..59f85c4 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,8 +1,33 @@
+#enable loadbalancing
+upstream testserver {
+   least_conn; #use least conntected method.
+   server testserver_testserver_1:8800 max_fails=3 fail_timeout=30s; #If request to the server fails three times it is marked as down for 30 seconds
+#   server testserver_testserver_2:8800 max_fails=3 fail_timeout=30s;
+#   server testserver_testserver_3:8800 max_fails=3 fail_timeout=30s;
+}
+
 server {
     listen 80;
     server_name testserver.lan;
 
     location / {
-	    proxy_pass http://testserver:8800;
+	proxy_set_header X-NAME testserver;
+	proxy_pass https://testserver;
+	proxy_ssl_certificate /crt/user.pem;
+   	proxy_ssl_certificate_key /crt/user-key.pem;
     }
 }
+
+server {
+   listen 443 ssl;
+   server_name testserver.lan;
+   ssl_certificate /crt/cert.pem;
+   ssl_certificate_key /crt/key.pem;
+
+   location / {
+	proxy_set_header X-NAME testserver-SSL;
+	proxy_pass https://testserver;
+	proxy_ssl_certificate /crt/user.pem;
+        proxy_ssl_certificate_key /crt/user-key.pem;
+  }
+}