diff --git a/Tiltfile b/Tiltfile
index 74b33b84..c0c1de95 100644
--- a/Tiltfile
+++ b/Tiltfile
@@ -11,11 +11,13 @@ resources = [
     "redis",
     "database",
     "app",
-    "worker"
+    "worker",
+    "nginx"
 ]
 
 
 if local_app:
+    resources.remove("nginx")
     resources.remove("app")
     resources.remove("worker")
     local_resource(
diff --git a/docker-compose.yml b/docker-compose.yml
index cd617931..97e28c55 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -34,7 +34,9 @@ services:
     environment:
       - DATABASE_URL=postgresql://gtrp:gtrp@database/get_an_international_relocation_payment_development
       - REDIS_URL=redis://redis
-      - RAILS_ENV=development
+      - RAILS_ENV=production
+      - SECRET_KEY_BASE=123476927954
+      - RAILS_SERVE_STATIC_FILES=true
     env_file:
       - .env
 
@@ -43,5 +45,22 @@ services:
     ports:
       - 3001:3001
     command: ./bin/worker-startup.sh
+
+  nginx:
+    image: nginx:1.25
+    networks:
+      - gtrp
+    depends_on: [ app ]
+    ports:
+      - 443:443
+      - 80:80
+    environment:
+      - BACKEND_HOST=app
+      - BACKEND_PORT=3000
+    volumes:
+      - ./nginx/nginx.conf.template:/etc/nginx/templates/default.conf.template:ro
+      - ./nginx/cert.pem:/etc/ssl/certs/site.crt
+      - ./nginx/key.pem:/etc/ssl/private/site.dec.key
+
 networks:
   gtrp:
diff --git a/nginx/nginx.conf.template b/nginx/nginx.conf.template
new file mode 100644
index 00000000..ca982b33
--- /dev/null
+++ b/nginx/nginx.conf.template
@@ -0,0 +1,39 @@
+upstream backend {
+    server $BACKEND_HOST:$BACKEND_PORT fail_timeout=5s max_fails=5;
+}
+
+server {
+    listen 80;
+    server_name itrp.local;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name itrp.local;
+
+    ssl_certificate /etc/ssl/certs/site.crt;
+    ssl_certificate_key /etc/ssl/private/site.dec.key;
+
+    location / {
+        # $app_url value equal to the env var $APP_URL
+        # and is set by envsubst from the variables.template file
+        proxy_pass         http://backend;
+        proxy_redirect     off;
+        proxy_http_version 1.1;
+        proxy_cache_bypass $http_upgrade;
+        proxy_set_header   Upgrade $http_upgrade;
+        proxy_set_header   Connection keep-alive;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_buffer_size           128k;
+        proxy_buffers               4 256k;
+        proxy_busy_buffers_size     256k;
+    }
+}
\ No newline at end of file