diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 57bf53bda6e..7e160c66987 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -36,16 +36,22 @@ services:
 volumes:
 - ./docker/nginx.conf:/etc/nginx/nginx.conf:ro
 - ./docker/covers_nginx.conf:/etc/nginx/sites-enabled/covers_nginx.conf:ro
+ # Needed for HTTPS, since this is a public server
+ - ../olsystem/etc/nginx/default-docker.conf:/etc/nginx/sites-enabled/default:ro
 # Needs access to openlibrary for static files
 - .:/openlibrary
 - ../olsystem:/olsystem
 - /1/var/lib/openlibrary/sitemaps/sitemaps:/sitemaps
 ports:
- - 8081:8081
+ - 80:80
+ - 443:443
 networks:
 - webnet
 secrets:
 - petabox_seed
+ # Needed by default-docker.conf
+ - ssl_certificate
+ - ssl_certificate_key
 infobase:
 restart: always
@@ -75,5 +81,11 @@ services:
 - petabox_seed
 secrets:
- petabox_seed:
- file: /opt/.petabox/seed
+ petabox_seed:
+ file: /opt/.petabox/seed
+
+ # SSL-related secrets
+ ssl_certificate:
+ file: /opt/.petabox/openlibrary.org.combined.crt
+ ssl_certificate_key:
+ file: /opt/.petabox/openlibrary.org.nopassword.key
diff --git a/docker/covers_nginx.conf b/docker/covers_nginx.conf
index c44060f4387..28b78bfb865 100644
--- a/docker/covers_nginx.conf
+++ b/docker/covers_nginx.conf
@@ -1,5 +1,6 @@
 server {
- listen 8081;
+ listen 80;
+ listen 443;
 server_name covers.openlibrary.org;
 include /run/secrets/petabox_seed;
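Review bot: With `80:80` and `443:443` published, this nginx container becomes directly internet-facing, yet the context lines still bind-mount `.:/openlibrary` and `../olsystem:/olsystem` without `:ro`. The existing comment says the mount is for static files, so read access looks sufficient; consider `- .:/openlibrary:ro` and `- ../olsystem:/olsystem:ro` so that a compromise of the web tier cannot modify the source tree or the olsystem checkout. Whether anything in this service writes to those paths is not visible here, so confirm before tightening. The service definition starts above the hunk.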
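Review bot: `ssl_certificate_key` points at what its name says is an unencrypted private key (`openlibrary.org.nopassword.key`), and nothing here documents how the host file must be protected. File-based Compose secrets outside swarm mode are, as far as I know, bind mounts of the host file, so the container sees whatever ownership and mode the file under `/opt/.petabox/` has. A comment above the entry such as `# Unencrypted key: host file must be root-owned, mode 0400` would record the requirement for whoever provisions the host.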
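Review bot: `listen 443;` has no `ssl` parameter, and the visible part of this server block sets no `ssl_certificate` or `ssl_certificate_key`, so TLS for covers.openlibrary.org depends entirely on what `default-docker.conf` (not shown) declares for the same port. If that file does not enable SSL on 443, nginx will answer plain HTTP there; writing `listen 443 ssl;` plus certificate directives pointing at `/run/secrets/ssl_certificate` and `/run/secrets/ssl_certificate_key` would keep this block self-contained. `listen 80;` also keeps serving the same content in cleartext, with no redirect to HTTPS visible. The server block continues past the end of the hunk.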