diff --git a/README.md b/README.md
index 36fe229..a99f060 100644
--- a/README.md
+++ b/README.md
@@ -35,8 +35,14 @@ STDOUT.  Check the README there for more details and usages.
 
 ## Settings
 
-* `host` - the host the server runs on (default localhost)
-* `port` - the port the server runs on (default 7777)
+* `http` - whether or not to serve an unencrypted HTTP site (default true)
+* `http_host` - the host the HTTP server runs on (default localhost)
+* `http_port` - the port the HTTP server runs on (default 7777)
+* `https` - whether or not to serve an encrypted HTTPS site (default false)
+* `https_host` - the host the HTTPS server runs on (default localhost)
+* `https_port` - the port the HTTPS server runs on (default 7778)
+* `https_cert" - the file location of the HTTPS certificate (default /opt/certs/fullchain.pem)
+* `https_key" - the file location of the HTTPS private key (default /opt/certs/privkey.pem)
 * `keyLength` - the length of the keys to user (default 10)
 * `maxLength` - maximum length of a paste (default none)
 * `staticMaxAge` - max age for static assets (86400)
diff --git a/config.js b/config.js
index 52ad004..3e70a6a 100644
--- a/config.js
+++ b/config.js
@@ -1,7 +1,13 @@
 {
+  "http": true,
+  "http_host": "0.0.0.0",
+  "http_port": 7777,
 
-  "host": "0.0.0.0",
-  "port": 7777,
+  "https": false,
+  "https_host": "0.0.0.0",
+  "https_port": 7778,
+  "https_cert": "/opt/certs/fullchain.pem",
+  "https_key": "/opt/certs/privkey.pem",
 
   "keyLength": 10,
 
diff --git a/package.json b/package.json
index f7a5148..054c07e 100644
--- a/package.json
+++ b/package.json
@@ -14,16 +14,18 @@
   },
   "main": "haste",
   "dependencies": {
+    "busboy": "0.2.4",
+    "connect": "3.4.1",
     "connect-ratelimit": "0.0.7",
     "connect-route": "0.1.5",
-    "connect": "3.4.1",
-    "st": "1.1.0",
-    "winston": "0.6.2",
-    "redis-url": "0.1.0",
+    "express": "^4.15.0",
+    "https": "^1.0.0",
+    "pg": "4.1.1",
     "redis": "0.8.1",
+    "redis-url": "0.1.0",
+    "st": "1.1.0",
     "uglify-js": "1.3.3",
-    "busboy": "0.2.4",
-    "pg": "4.1.1"
+    "winston": "0.6.2"
   },
   "devDependencies": {
     "mocha": "*",
diff --git a/server.js b/server.js
index d304643..c674085 100644
--- a/server.js
+++ b/server.js
@@ -1,6 +1,8 @@
+var express = require('express');
+var https = require('https');
 var http = require('http');
-var url = require('url');
 var fs = require('fs');
+var url = require('url');
 
 var winston = require('winston');
 var connect = require('connect');
@@ -10,10 +12,40 @@ var connect_rate_limit = require('connect-ratelimit');
 
 var DocumentHandler = require('./lib/document_handler');
 
-// Load the configuration and set some defaults
+// Load the HTTP configuration and set some defaults
 var config = JSON.parse(fs.readFileSync('./config.js', 'utf8'));
-config.port = process.env.PORT || config.port || 7777;
-config.host = process.env.HOST || config.host || 'localhost';
+config.http = process.env.HTTP || config.http || false;
+config.http_port = process.env.HTTPS_PORT || config.http_port || 80;
+config.http_host = process.env.HTTPS_HOST || config.http_host || 'localhost';
+
+// Load the HTTPS configuration and set some defaults
+config.https = process.env.HTTPS || config.https || false;
+config.https_port = process.env.HTTPS_PORT || config.https_port || 443;
+config.https_host = process.env.HTTPS_HOST || config.https_host || 'localhost';
+config.https_key = process.env.HTTPS_KEY || config.https_key || '';
+config.https_cert = process.env.HTTPS_CERT || config.https_cert || '';
+
+var https_options = {};
+if (config.https) {
+  https_options = {
+    key: fs.readFileSync(config.https_key),
+    cert: fs.readFileSync(config.https_cert)
+  };
+}
+
+// Verify a service was enabled
+if (!config.http && !config.https){
+  winston.error('Neither HTTP nor HTTPS enabled. Quitting.');
+  process.exit(1)
+}
+
+// If both HTTP and HTTPS are enabled, verify different ports were used
+if (config.http && config.https){
+  if (config.http_port === config.https_port){
+    winston.error('HTTP port must not be the same as HTTPS port. Quitting.');
+    process.exit(1)
+  }
+}
 
 // Set up the logger
 if (config.logging) {
@@ -102,7 +134,7 @@ var documentHandler = new DocumentHandler({
   keyGenerator: keyGenerator
 });
 
-var app = connect();
+var app = express();
 
 // Rate limit all requests
 if (config.rateLimits) {
@@ -154,6 +186,15 @@ app.use(connect_st({
   index: 'index.html'
 }));
 
-http.createServer(app).listen(config.port, config.host);
 
-winston.info('listening on ' + config.host + ':' + config.port);
+if (config.http) {
+  http.createServer(app).listen(config.http_port, config.http_host);
+  winston.info('listening on http:\/\/' + config.http_host + ':' + config.http_port);
+}
+
+if (config.https) {
+  https.createServer(https_options, app).listen(config.https_port, config.https_host);
+  winston.info('listening on https:\/\/' + config.https_host + ':' + config.https_port);
+}
+
+