diff --git a/config/nginx.conf b/config/nginx.conf index f725346..0d70eb1 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -23,3 +23,33 @@ server { } } + +server { + listen 8443 ssl; + server_name mx22.local; + root /app; + + location / { + # disable cache entriely by default (apart from Etag which is accurate enough) + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + # also turn off last-modified since they are just the timestamps of the file in the docker image + # and may or may not bear any resemblance to when the resource changed + add_header Last-Modified ""; + + try_files $uri /$uri /index.html; + } + + # assets can be cached because they have hashed filenames + location /assets { + expires 1w; + add_header Cache-Control "public, no-transform"; + } + + ssl_certificate "/etc/ssl/certs/element-call.crt"; + ssl_certificate_key "/etc/ssl/private/element-call.key"; + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 10m; + ssl_prefer_server_ciphers on; +} diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml index 1d1760e..66b1f44 100644 --- a/helm-chart/Chart.yaml +++ b/helm-chart/Chart.yaml @@ -21,4 +21,4 @@ version: 0.1.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.16.0" +appVersion: v0.3.13 diff --git a/helm-chart/files/nginx.conf b/helm-chart/files/nginx.conf new file mode 120000 index 0000000..c58770e --- /dev/null +++ b/helm-chart/files/nginx.conf @@ -0,0 +1 @@ +../../config/nginx.conf \ No newline at end of file diff --git a/helm-chart/templates/configmap.yaml b/helm-chart/templates/configmap.yaml index 2ef7fcb..aa130e2 100644 --- a/helm-chart/templates/configmap.yaml +++ b/helm-chart/templates/configmap.yaml 
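Review bot: The new `server` block in config/nginx.conf turns on TLS for port 8443 without an `ssl_protocols` directive, so the accepted protocol versions are whatever the nginx build in the image defaults to, which on older releases still includes TLSv1 and TLSv1.1. Pin them next to the `ssl_certificate` lines with `ssl_protocols TLSv1.2 TLSv1.3;`. Separately, the Cache-Control value in `location /` starts `'private no-store, ...'` with no comma after `private`; it should read `'private, no-store, ...'` so that both are parsed as distinct directives.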
@@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: @@ -6,3 +7,31 @@ metadata: data: {{ .Values.config.fileName }}: | {{ .Values.config.data | toPrettyJson | quote }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-config + namespace: default +data: + default.conf: {{ .Files.Get "files/nginx.conf" | quote }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ssl-cert + namespace: default +data: + element-call.crt: {{ .Files.Get "certs/element-call.crt" | quote }} + + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ssl-key + namespace: default +data: + element-call.key: {{ .Files.Get "certs/element-call.key" | quote }} diff --git a/helm-chart/templates/deployment.yaml b/helm-chart/templates/deployment.yaml index 62250e6..f16d645 100644 --- a/helm-chart/templates/deployment.yaml +++ b/helm-chart/templates/deployment.yaml @@ -37,6 +37,9 @@ spec: - name: http containerPort: {{ .Values.service.port }} protocol: TCP + - name: https + containerPort: {{ .Values.service.port_https }} + protocol: TCP livenessProbe: httpGet: path: / @@ -51,10 +54,25 @@ spec: - name: config-volume mountPath: "{{ .Values.config.path }}" subPath: "{{ .Values.config.fileName }}" + - name: nginx-volume + mountPath: "{{ .Values.nginx_config.path }}" + - name: ssl-cert-volume + mountPath: "/etc/ssl/certs/" + - name: ssl-key-volume + mountPath: "/etc/ssl/private/" volumes: - name: config-volume configMap: name: app-config + - name: nginx-volume + configMap: + name: nginx-config + - name: ssl-cert-volume + configMap: + name: ssl-cert + - name: ssl-key-volume + configMap: + name: ssl-key {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/helm-chart/templates/service.yaml b/helm-chart/templates/service.yaml index 0c0ca72..10129b6 100644 --- a/helm-chart/templates/service.yaml +++ b/helm-chart/templates/service.yaml 
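Review bot: The `ssl-key` ConfigMap added at the end of helm-chart/templates/configmap.yaml holds the TLS private key as ordinary ConfigMap data, so it is readable by anything allowed to read ConfigMaps in the namespace and gets none of the handling reserved for Secrets (separate RBAC resource, tmpfs-backed volumes). It should be a `Secret`, and the `ssl-key-volume` entry in deployment.yaml would then become a `secret:` volume with `secretName: ssl-key`. Reading the key through `.Files.Get "certs/element-call.key"` also means the key must sit inside the chart directory and ends up in every packaged chart; referencing a Secret created outside the chart would avoid that. The three new objects also hard-code `namespace: default`, where `{{ .Release.Namespace }}` would keep them in the namespace the release is installed into.

```yaml
# … unchanged: nginx-config and ssl-cert ConfigMaps …
---
apiVersion: v1
kind: Secret
metadata:
  name: ssl-key
  namespace: {{ .Release.Namespace }}
type: Opaque
stringData:
  element-call.key: {{ .Files.Get "certs/element-call.key" | quote }}
```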
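Review bot: The `https` containerPort in the first hunk of helm-chart/templates/deployment.yaml is taken from `.Values.service.port_https`, but the listener in config/nginx.conf is fixed at `listen 8443 ssl;`, so any override of that value advertises a port nothing listens on. Either document the coupling in values.yaml with a comment such as `# must match the listen port in config/nginx.conf`, or render the port into the nginx config. The `livenessProbe` in the trailing context appears to stay on the plain-HTTP listener, so the TLS listener is not health-checked; the probe definition continues outside the hunk.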
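Review bot: Mounting `ssl-cert-volume` at `/etc/ssl/certs/` and `ssl-key-volume` at `/etc/ssl/private/` (second hunk of deployment.yaml) replaces each directory with the volume's contents, so whatever the image ships there is hidden; on most base images that includes the system CA bundle under `/etc/ssl/certs`. Mount the single files with `subPath`, as `config-volume` already does, and mark them `readOnly: true`. Files mounted through `subPath` are not refreshed when the source object changes, so a certificate rotation then needs a pod restart.

```yaml
            # … unchanged: config-volume and nginx-volume mounts …
            - name: ssl-cert-volume
              mountPath: "/etc/ssl/certs/element-call.crt"
              subPath: "element-call.crt"
              readOnly: true
            - name: ssl-key-volume
              mountPath: "/etc/ssl/private/element-call.key"
              subPath: "element-call.key"
              readOnly: true
```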
@@ -11,5 +11,9 @@ spec: targetPort: http protocol: TCP name: http + - port: {{ .Values.service.port_https }} + targetPort: {{ .Values.service.port_https }} + protocol: TCP + name: element-https selector: {{- include "element-call.selectorLabels" . | nindent 4 }} diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 419b930..c649921 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -5,10 +5,10 @@ replicaCount: 1 image: - repository: element-call_call - pullPolicy: Never + repository: ghcr.io/vector-im/element-call + pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "" + # tag: "" imagePullSecrets: [] nameOverride: "" @@ -41,6 +41,7 @@ service: port: 8080 targetPort: 8080 nodePort: 30070 + port_https: 8443 ingress: enabled: false @@ -87,3 +88,7 @@ config: "feature_group_calls_without_video_and_audio": true } } + +nginx_config: + path: /etc/nginx/conf.d + fileName: default.conf
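Review bot: The new `element-https` entry in helm-chart/templates/service.yaml uses the numeric `targetPort: {{ .Values.service.port_https }}` while the existing entry uses the named port `targetPort: http`. The deployment now declares a container port named `https`, so `targetPort: https` together with `name: https` would keep the two entries parallel and leave the number defined in one place. If the Service is of type NodePort (values.yaml carries `nodePort: 30070`), the TLS port would presumably get an automatically assigned node port unless one is set here; the rest of the spec is outside the hunk.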
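Review bot: Commenting out `tag` in the first hunk of helm-chart/values.yaml leaves the comment above it describing a key that is no longer present, and the image is now pulled from a public registry by a mutable tag defaulted from `appVersion`. Keep `tag: ""` as an explicit empty default so the override stays discoverable, and consider supporting a digest pin for deployments that need a reproducible image. With `pullPolicy: IfNotPresent` a node that has already cached the tag will not pick up a re-pushed image, which is only safe if tags are treated as immutable.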
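Review bot: `nginx_config.fileName`, added in the last hunk of helm-chart/values.yaml, is not read by any template in this change: configmap.yaml hard-codes the key `default.conf` and deployment.yaml uses only `nginx_config.path`. Either use it as the ConfigMap key or drop it, so the values file does not offer a setting that does nothing. The snake_case names `nginx_config` and `port_https` (previous hunk) also differ from the camelCase of the neighbouring keys such as `replicaCount`, `targetPort` and `fileName`.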