diff --git a/main.go b/main.go
index eb29bd6..8665055 100644
--- a/main.go
+++ b/main.go
@@ -25,6 +25,8 @@ var (
 		reload — reloading the configuration file`)
 )
 
+const DOMAIN_NAME = "threefortiethofonehamster.com"
+
 const HTML_HEADER = `<!doctype html5>
 <html>
 <head>
@@ -125,8 +127,10 @@ func main() {
 	}
 	defer cntxt.Release()
 
+	var redirect http.Server
 	var srv http.Server
 
+	go startRedirectServer(&redirect)
 	go startServer(&srv)
 
 	go func() {
@@ -135,6 +139,9 @@ func main() {
 		if err := srv.Shutdown(context.Background()); err != nil {
 			log.Printf("server shutdown error: %v\n", err)
 		}
+		if err = redirect.Shutdown(context.Background()); err != nil {
+			log.Printf("redirect shutdown error: %v\n", err)
+		}
 	}()
 
 	err = daemon.ServeSignals()
@@ -164,7 +171,26 @@ func startServer(srv *http.Server) {
 	serveMux.Handle("/gfm/", http.StripPrefix("/gfm", http.FileServer(gfmstyle.Assets)))
 	serveMux.HandleFunc("/main.css", func(w http.ResponseWriter, r *http.Request) { http.ServeFile(w, r, "main.css") })
 
-	srv.Addr = ":8000"
+	srv.Addr = ":8043"
+	srv.Handler = serveMux
+	log.Print("starting server")
+	log.Fatal(srv.ListenAndServeTLS("/etc/letsencrypt/live/"+DOMAIN_NAME+"/fullchain.pem",
+		"/etc/letsencrypt/live/"+DOMAIN_NAME+"/privkey.pem"))
+	close(serverShutdown)
+}
+
+func startRedirectServer(srv *http.Server) {
+	serveMux := http.NewServeMux()
+	// copied from https://gist.github.com/d-schmidt/587ceec34ce1334a5e60
+	serveMux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
+		target := "https://" + req.Host + req.URL.Path
+		if len(req.URL.RawQuery) > 0 {
+			target += "?" + req.URL.RawQuery
+		}
+		http.Redirect(w, req, target, http.StatusTemporaryRedirect)
+	})
+
+	srv.Addr = ":8080"
 	srv.Handler = serveMux
 	log.Print("starting server")
 	log.Fatal(srv.ListenAndServe())
diff --git a/rules.v4 b/rules.v4
index 72c21f2..ff9dd37 100644
--- a/rules.v4
+++ b/rules.v4
@@ -4,7 +4,8 @@
 :INPUT ACCEPT [1:60]
 :OUTPUT ACCEPT [2:120]
 :POSTROUTING ACCEPT [2:120]
--A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8000
+-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
+-A PREROUTING -p tcp -m tcp --dport 43 -j REDIRECT --to-ports 8043
 COMMIT
 # Completed on Fri Sep 28 01:39:23 2018
 # Generated by iptables-save v1.6.0 on Fri Sep 28 01:39:23 2018