diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index ac3d7a3..a02bb1d 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -23,8 +23,7 @@ http {
 server_name "private-docker-registry.nilstrieb.dev";
 location / {
- return 404 'No registry here...';
- #proxy_pass http://registry:5000/;
+ proxy_pass https://registry:5000/;
 }
 }
diff --git a/nginx/run.sh b/nginx/run.sh
index fca53f5..e610af8 100755
--- a/nginx/run.sh
+++ b/nginx/run.sh
@@ -2,7 +2,7 @@
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-if [ $STAGE = "localhost" ] ;
+if [ "$STAGE" = "localhost" ] ;
 then
 echo "INFO Running on localhost"
 NGINX_CONF="nginx.local.conf"
diff --git a/registry/README.md b/registry/README.md
index 9381dcd..0abf425 100644
--- a/registry/README.md
+++ b/registry/README.md
@@ -1,2 +1,6 @@
 - https://docs.docker.com/registry/deploying/
-- https://docs.docker.com/registry/configuration/
\ No newline at end of file
+- https://docs.docker.com/registry/configuration/
+
+```sh
+sudo htpasswd -cB /etc/.htpasswd username
+```
\ No newline at end of file
diff --git a/registry/config.yml b/registry/config.yml
index b9e957d..6b8724b 100644
--- a/registry/config.yml
+++ b/registry/config.yml
@@ -12,12 +12,6 @@ storage:
 maxthreads: 100
 delete:
 enabled: true
- #token:
- # autoredirect: true
- # realm: token-realm
- # service: token-service
- # issuer: registry-token-issuer
- # rootcertbundle: /root/certs/bundle
 http:
 addr: 0.0.0.0:5000
 draintimeout: 60s
diff --git a/registry/run.sh b/registry/run.sh
index 4a47bcc..4702ef7 100755
--- a/registry/run.sh
+++ b/registry/run.sh
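Review bot: In the nginx/nginx.conf hunk, `proxy_pass https://registry:5000/;` encrypts the hop to the registry but does not authenticate it, because nginx leaves `proxy_ssl_verify` off by default and nothing in this location block turns it on. The certificate handed to the registry in registry/run.sh lives under `live/nilstrieb.dev` while the upstream is addressed as `registry`, so verification also needs the expected name set: `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <CA bundle path>;` and `proxy_ssl_name nilstrieb.dev;` (confirm which names the certificate actually covers). The rest of the server block is outside the hunk; if it is not already there, a registry behind nginx usually also needs `client_max_body_size 0;` and the `Host` and `X-Forwarded-Proto` headers forwarded so that pushes and auth challenges work.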
@@ -2,12 +2,31 @@
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+if [ "$STAGE" = "localhost" ] ;
+then
+ echo "INFO Running on localhost"
+ CERT_VOLUME=""
+else
+ echo "INFO Running on prod"
+ CERT_VOLUME="\
+ -v=/etc/letsencrypt:/etc/letsencrypt \
+ -v=/etc/htpasswd:/htpasswd \
+ -e=REGISTRY_HTTP_TLS_CERTIFICATE=/etc/letsencrypt/live/nilstrieb.dev/fullchain.pem \
+ -e=REGISTRY_HTTP_TLS_KEY=/etc/letsencrypt/live/nilstrieb.dev/privkey.pem \
+ -e=REGISTRY_AUTH=htpasswd \
+ -e=REGISTRY_AUTH_HTPASSWD_REALM=Realm \
+ -e=REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd \
+ "
+fi
+
 if docker container inspect registry > /dev/null 2>&1 ;
 then
- echo "Registry container exists already..."
+ echo "INFO Registry container exists already..."
 else
 docker run -d -p 5000:5000 --restart=always --name registry \
 -v "$SCRIPT_DIR/config.yml:/etc/docker/registry/config.yml" \
+ -v "/var/lib/docker/registry:/var/lib/registry" \
+ $CERT_VOLUME \
 --net internal \
 registry:2
 fi
\ No newline at end of file
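Review bot: The prod branch bind-mounts `/etc/htpasswd`, but the README added in this commit creates the credentials at `/etc/.htpasswd`; with `-v`, a host path that does not exist is created as an empty directory, so the registry would not get the intended user file, and the two paths should be made to agree. Both mounts are also read-write, which gives the registry container write access to everything under `/etc/letsencrypt`, private keys included; `:ro` on each looks sufficient for what the registry reads. `$CERT_VOLUME` only works through unquoted word splitting of a string with embedded line continuations, so a bash array expanded as `"${CERT_ARGS[@]}"` is the safer form (sketch below). Separately, the localhost branch starts the registry with no auth or TLS while `-p 5000:5000` publishes on all interfaces, and an already existing `registry` container is left as it is, so it keeps its old settings until it is removed and recreated.

```shell
if [ "$STAGE" = "localhost" ] ;
then
    # … unchanged: INFO echo …
    CERT_ARGS=()
else
    # … unchanged: INFO echo …
    CERT_ARGS=(
        # read-only: the registry only needs to read the certs and the user file
        -v /etc/letsencrypt:/etc/letsencrypt:ro
        # host path must match the one the README's htpasswd command writes
        -v /etc/htpasswd:/htpasswd:ro
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/letsencrypt/live/nilstrieb.dev/fullchain.pem
        -e REGISTRY_HTTP_TLS_KEY=/etc/letsencrypt/live/nilstrieb.dev/privkey.pem
        -e REGISTRY_AUTH=htpasswd
        -e REGISTRY_AUTH_HTPASSWD_REALM=Realm
        -e REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd
    )
fi
# … unchanged: container-exists check, docker run with the config.yml and registry-data mounts …
        "${CERT_ARGS[@]}" \
```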