diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index ab9dc13..77911b4 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -21,6 +21,7 @@ services:
     environment:
       NODE_ENV: production
       DB_URI: mongodb://mongo:27017/outpost_api
+      FORCE_SSL: true
     networks:
       - outpost_api_internal_network
       - outpost_api_external_network
diff --git a/index.js b/index.js
index bcb2035..6e2dc00 100644
--- a/index.js
+++ b/index.js
@@ -21,9 +21,13 @@ connect(() =>
 
 server.set("trust proxy", 1)
 
+// outside of dev environment if we send FORCE_SSL then SSL is forced
 if (!isDevelopment) {
-  server.use(forceSSL)
+  if (process.env.FORCE_SSL && process.env.FORCE_SSL.toLowerCase() === "true") {
+    server.use(forceSSL)
+  }
 }
+
 server.use(
   rateLimit({
     windowMs: 15 * 60 * 1000,