diff --git a/.env b/.env
new file mode 100644
index 0000000..851d32f
--- /dev/null
+++ b/.env
@@ -0,0 +1,3 @@
+RS_PUBLISHED_DOMAIN=dam.internal.yel.or.id
+RS_SERVERADMIN=hendra@yel.or.id
+DNS_CLOUDFLARE_API_TOKEN=3WedMWHhoDPxge5yMPJgQPFhRXCTp6zpasTIlaIu
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index da5ecc3..9069b80 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,6 +31,9 @@ RUN apt-get update && apt-get install -y \
 python3-opencv \
 python3 \
 python3-pip \
+ certbot \
+ python3-certbot-apache \
+ python3-certbot-dns-cloudflare \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
@@ -39,10 +42,32 @@ RUN sed -i -e "s/upload_max_filesize\s*=\s*2M/upload_max_filesize = 100M/g" /etc
 && sed -i -e "s/max_execution_time\s*=\s*30/max_execution_time = 300/g" /etc/php/8.3/apache2/php.ini \
 && sed -i -e "s/memory_limit\s*=\s*128M/memory_limit = 1G/g" /etc/php/8.3/apache2/php.ini
-RUN printf '\n\
+RUN mkdir -p ~/.secrets/certbot \
+ touch ~/.secrets/certbot/cloudflare.ini \
+ chmod 600 ~/.secrets/certbot/cloudflare.ini
+
+RUN printf 'dns_cloudflare_api_token=$DNS_CLOUDFLARE_API_TOKEN' >> ~/.secrets/certbot/cloudflare.ini
+
+RUN touch /etc/apache2/sites-available/$RS_PUBLISHED_DOMAIN.conf
+
+RUN printf '\n\
+\tServerName $RS_PUBLISHED_DOMAIN\n\
+\tServerAdmin $RS_SERVERADMIN\n\
+\tDocumentRoot /var/www/html\n\
+\n\
+\tErrorLog ${APACHE_LOG_DIR}/$RS_PUBLISHED_DOMAIN.error.log\n\
+\tCustomLog ${APACHE_LOG_DIR}/$RS_PUBLISHED_DOMAIN.access.log combined\n\
+\n'\
+\n\
+\n'\
 \tOptions FollowSymLinks\n\
-\n'\
->> /etc/apache2/sites-enabled/000-default.conf
+\n'\
+>> /etc/apache2/sites-available/$RS_PUBLISHED_DOMAIN.conf
+
+RUN a2ensite $RS_PUBLISHED_DOMAIN.conf \
+ service apache2 reload
+
+RUN certbot run --apache --non-interactive --agree-tos -m $RS_SERVERADMIN --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d $RS_PUBLISHED_DOMAIN
 ADD cronjob /etc/cron.daily/resourcespace
diff --git a/db.env b/db.env
index 234f5dc..28b8730 100644
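Review bot: The new `.env` commits what looks like a live Cloudflare API token in plaintext, and the `db.env` hunk in the same commit replaces the `change-me` placeholders with real MariaDB passwords. Once pushed, these values remain in repository history even if a later commit removes them, so the token and both passwords should be treated as disclosed and rotated. Keep only placeholders in tracked files, e.g. `DNS_CLOUDFLARE_API_TOKEN=change-me`, add `.env` and `db.env` to `.gitignore`, and supply the real values from an untracked file or a secret store. The replacement token is best limited to DNS edit rights on the single zone certbot needs.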
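Review bot: The commands in `RUN mkdir -p ~/.secrets/certbot \ touch … \ chmod 600 …` are joined by line continuations without `&&`, so everything after `mkdir -p` is passed to mkdir as directory names, `cloudflare.ini` becomes a directory and the later `>>` redirect into it fails; `RUN a2ensite … \ service apache2 reload` has the same problem. The first should read `RUN mkdir -p ~/.secrets/certbot && touch ~/.secrets/certbot/cloudflare.ini && chmod 600 ~/.secrets/certbot/cloudflare.ini`. The `printf 'dns_cloudflare_api_token=$DNS_CLOUDFLARE_API_TOKEN'` argument is single-quoted, so the shell writes the variable name literally, and no `ARG` or `ENV` for these variables is visible in the hunk. Beyond that, writing the token and running `certbot run` in `RUN` steps would store the API token and the certificate's private key in image layers, readable by anyone who can pull the image. Issuing the certificate at container start, with the credentials file mounted at runtime and `/etc/letsencrypt` on a volume, avoids that and allows renewal.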
--- a/db.env
+++ b/db.env
@@ -1,4 +1,4 @@
-MYSQL_PASSWORD=change-me
-MYSQL_ROOT_PASSWORD=change-me
+MYSQL_PASSWORD=DAMSedapMalamIX3
+MYSQL_ROOT_PASSWORD=DAMasterSedapMalamIX3
 MYSQL_DATABASE=resourcespace
-MYSQL_USER=resourcespace_rw
\ No newline at end of file
+MYSQL_USER=resourcespace_rw
diff --git a/docker-compose.yaml b/docker-compose.yaml
index d27e2a6..ee7fd84 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -6,6 +6,7 @@ services:
 depends_on:
 - mariadb
 volumes:
+ - usrhome:~
 - include:/var/www/html/include
 - filestore:/var/www/html/filestore
 - ./testdir:/srv/storage/testdir
@@ -14,6 +15,7 @@ services:
 - backend
 ports:
 - "80:80"
+ - "443:443"
 mariadb:
 image: mariadb
@@ -31,6 +33,7 @@ networks:
 backend:
 volumes:
+ usrhome:
 mariadb:
 include:
 filestore:
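Review bot: The mount target in `- usrhome:~` is not an absolute container path; as far as I know Compose expands `~` only for host-side sources, so this entry is likely to be rejected or mounted at a literal `~`. If the aim is to persist certbot state, mount the specific directory instead, e.g. `- letsencrypt:/etc/letsencrypt`. Mounting root's whole home directory would also keep the Cloudflare credentials file in a long-lived volume. The top-level `volumes:` entry added in the last hunk would need the matching name.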