diff --git a/docker-compose.yml b/docker-compose.yml
index 5aad9d8b1b3603d75d32422b77f3d0f6a717ca3b..2ff63049c30154ebf2b96525d682c98139f865ca 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,16 @@
 services:
+  front:
+    build:
+      context: ./docker/front
+    volumes:
+      - type: volume
+        source: homedir
+        target: /etc/kasm
+        volume:
+          subpath: kasm-user/
   kasm:
     build:
-      context: ./docker/
+      context: ./docker/kasm
       target: kasmvnc-base
       args:
         - SPYDER=${SPYDER}
@@ -16,7 +25,7 @@ services:
       - SPYDER=${SPYDER}
       - ANACONDA=${ANACONDA}
       - KASM_USER=${VNC_USER}
-      - VNCOPTIONS=-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7 -DLP_ClipDelay=0 -select-de manual -UnixRelay printer:/tmp/printer -allowoverride AcceptPointerEvents,BlacklistTimeout,BlacklistThreshold -blacklistthreshold 1000 -blacklisttimeout 1"
+      - VNCOPTIONS=-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7 -DLP_ClipDelay=0 -select-de manual -UnixRelay printer:/tmp/printer -allowoverride AcceptPointerEvents  -disableBasicAuth
 
 
 volumes:
diff --git a/docker/front/Dockerfile b/docker/front/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..4dd6f60be965959780c7816edc72557cff3b36dc
--- /dev/null
+++ b/docker/front/Dockerfile
@@ -0,0 +1,5 @@
+FROM nginx:latest
+
+COPY nginx.conf /etc/nginx/conf.d/kasm.conf
+
+COPY start.sh /docker-entrypoint.d
diff --git a/docker/front/nginx.conf b/docker/front/nginx.conf
new file mode 100644
index 0000000000000000000000000000000000000000..8d11269f5306b0d985a7341bded304f03ffbc8c6
--- /dev/null
+++ b/docker/front/nginx.conf
@@ -0,0 +1,20 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name nginx;
+    ssl_certificate      /etc/nginx/certs/nginx.crt;
+    ssl_certificate_key  /etc/nginx/certs/nginx.key;
+    location / {
+       auth_basic           "Administrator’s Area";
+       auth_basic_user_file /etc/kasm/.nginxpasswd;
+       proxy_set_header X-Real-IP $remote_addr;
+       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       proxy_http_version 1.1;
+       proxy_set_header Upgrade $http_upgrade;
+       proxy_set_header Connection "upgrade";
+       proxy_set_header Host $http_host;
+       proxy_cache_bypass $http_upgrade;
+       proxy_pass https://kasm:6901/;
+     }
+}
diff --git a/docker/front/start.sh b/docker/front/start.sh
new file mode 100755
index 0000000000000000000000000000000000000000..68e05f1d3d7390b7afe49be373195db5c4466c3f
--- /dev/null
+++ b/docker/front/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+mkdir -p /etc/nginx/certs
+echo -e "FR\n\n\n\n\n\n\n" | openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+        -keyout /etc/nginx/certs/nginx.key -out /etc/nginx/certs/nginx.crt
diff --git a/docker/Dockerfile b/docker/kasm/Dockerfile
similarity index 100%
rename from docker/Dockerfile
rename to docker/kasm/Dockerfile
diff --git a/docker/change_password.sh b/docker/kasm/change_password.sh
similarity index 91%
rename from docker/change_password.sh
rename to docker/kasm/change_password.sh
index 2ca771d3b78e6f8cde3f0aa3bd193654005cd8cd..eb2cd5c3cbf7bb731780299db8f7381c39db4c93 100755
--- a/docker/change_password.sh
+++ b/docker/kasm/change_password.sh
@@ -10,6 +10,7 @@ if [ "$password" == "$confirm" ]; then
     message=$(echo -e "$password\n$password\n" | kasmvncpasswd -u $KASM_USER -wo 2>&1)
     if [ $? -eq 0 ]; then
         cp $HOME/.kasmpasswd $HOME/.kasmpasswd.persist
+        cut -d : -f 1-2 $HOME/.kasmpasswd > $HOME/.nginxpasswd
         # Restart the VNC server
         kill $(cat .vnc/*.pid)
         icon="info"
diff --git a/docker/custom_startup.sh b/docker/kasm/custom_startup.sh
similarity index 95%
rename from docker/custom_startup.sh
rename to docker/kasm/custom_startup.sh
index 6ecc32c8e05ce325ef8fb80aa365cbf8c12bf3ca..7c06020e773cc8fbf724e18c7f714e011153fb4b 100755
--- a/docker/custom_startup.sh
+++ b/docker/kasm/custom_startup.sh
@@ -41,6 +41,7 @@ if [ -f "$HOME/.kasmpasswd.persist" ]; then
     cp $HOME/.kasmpasswd.persist $HOME/.kasmpasswd
     chown 600 $HOME/.kasmpasswd
 fi
+cut -d : -f 1-2 $HOME/.kasmpasswd > $HOME/.nginxpasswd
 
 # We should not exit
 sleep infinity
diff --git a/ports.yml b/ports.yml
index 68a912b3c266f4429125b0928e807c7b749ba1a7..6d1033af8764de8c6c5a74e6044551069763ed59 100644
--- a/ports.yml
+++ b/ports.yml
@@ -1,4 +1,4 @@
 services:
-  kasm:
+  front:
     ports:
-      - ${PORT}:6901
+      - ${PORT}:443