diff --git a/docker-compose.yml b/docker-compose.yml
index 5acabfbb..a450062a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,19 @@
 name: hdx-oss
 services:
+ # ONLY USED FOR DEMO SSL SETUP
+ # nginx:
+ # image: nginx:1.27.3
+ # volumes:
+ # - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
+ # - ./docker/nginx/ssl:/etc/nginx/ssl
+ # - .volumes/nginx_logs:/var/log/nginx
+ # ports:
+ # - 80:80
+ # - 443:443
+ # networks:
+ # - internal
+ # depends_on:
+ # - app
 # go-parser:
 # image: ${IMAGE_NAME_HDX}:${IMAGE_VERSION}-go-parser
 # environment:
diff --git a/docker/nginx/README.md b/docker/nginx/README.md
new file mode 100644
index 00000000..525408ca
--- /dev/null
+++ b/docker/nginx/README.md
@@ -0,0 +1,15 @@
+# Setup SSL nginx reverse proxy
+
+1. Install mkcert [mkcert](https://github.com/FiloSottile/mkcert)
+2. Exec `mkcert mydomain.local` and `mkcert -install`
+3. Make sure the pem files are used in the nginx.conf file
+4. Update HYPERDX_APP_URL to https://mydomain.local in the .env file
+5. Update HYPERDX_APP_PORT to 443 (same as the nginx server port) in the .env file
+6. Add the following to the /etc/hosts file
```
+127.0.0.1 mydomain.local
```
+7. Comment out ports mapping in the docker-compose.yml file for `app` service (so that the app is not exposed to the host)
+8. Enable nginx service in the docker-compose.yml file
+9. Run `docker-compose up -d`
+10. Open https://mydomain.local in the browser
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
new file mode 100644
index 00000000..0cb6e45c
--- /dev/null
+++ b/docker/nginx/nginx.conf
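Review bot: The `./docker/nginx/ssl` bind mount (and the `nginx.conf` mount beside it) in the commented-out nginx service gives the container write access to the directory that will hold the mkcert private key once the README steps are followed; a read-only mount costs nothing here, `- ./docker/nginx/ssl:/etc/nginx/ssl:ro` and `- ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro`. The block ships commented out, so this is about what people will enable verbatim, and the `services:` mapping continues past the hunk. Whether `docker/nginx/ssl` is excluded from version control is not visible in this change; worth confirming before key files land next to the README.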
@@ -0,0 +1,55 @@
+# Main NGINX configuration
+user nginx;
+worker_processes auto;
+
+# Error log
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+# Events block
+events {
+ worker_connections 1024;
+}
+
+# HTTP block: Place your server block here
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Logging
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ # Gzip compression
+ gzip on;
+
+ # Redirect HTTP to HTTPS
+ server {
+ listen 80;
+ server_name mydomain.local www.mydomain.local;
+
+ return 301 https://$host$request_uri;
+ }
+
+ # HTTPS reverse proxy
+ server {
+ listen 443 ssl;
+ server_name mydomain.local www.mydomain.local;
+
+ # TLS settings
+ ssl_certificate /etc/nginx/ssl/mydomain.local.pem;
+ ssl_certificate_key /etc/nginx/ssl/mydomain.local-key.pem;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ location / {
+ # Points to the HyperDX app service
+ proxy_pass http://app:443;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ }
+}
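Review bot: The HTTP-to-HTTPS redirect in the `listen 80` server block echoes the client-supplied Host header back through `$host`, and because it is the only server on port 80 it is also the default server, so a request carrying an arbitrary Host gets a 301 to that arbitrary host; pinning it to the configured name, `return 301 https://$server_name$request_uri;`, closes that at no cost (`$server_name` resolves to the first name listed, mydomain.local). On the `proxy_pass http://app:443;` line a comment tying the plaintext-on-443 target to the README's HYPERDX_APP_PORT=443 step would spare the next reader a double-take, e.g. `# app listens on HYPERDX_APP_PORT (443 per docker/nginx/README.md); TLS terminates here, plain HTTP inside the compose network`. If the app relies on websocket connections the `location /` block lacks `proxy_http_version 1.1;` plus the `Upgrade`/`Connection` headers; I cannot tell from this change whether it does, so only worth checking. `ssl_ciphers HIGH:!aNULL:!MD5` governs only the TLSv1.2 handshake and not the TLSv1.3 suites, which is fine but worth a comment if the line is meant as hardening.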