diff --git a/backend/services/ws/.env b/backend/services/ws/.env
index 5280c45..b260e49 100644
--- a/backend/services/ws/.env
+++ b/backend/services/ws/.env
@@ -1,4 +1,5 @@
 SERVER_PORT=""
 SERVER_AUTH_TOKEN=""
 CONTROLLER_EID=""
-SERVER_AUTH_ENABLE=""
\ No newline at end of file
+SERVER_AUTH_ENABLE=""
+SERVER_TLS_ENABLE=""
\ No newline at end of file
diff --git a/backend/services/ws/.gitignore b/backend/services/ws/.gitignore
index fdb28ae..bb855f3 100644
--- a/backend/services/ws/.gitignore
+++ b/backend/services/ws/.gitignore
@@ -1,2 +1,3 @@
 .env.local
-ws
\ No newline at end of file
+ws
+*.pem
\ No newline at end of file
diff --git a/backend/services/ws/internal/config/config.go b/backend/services/ws/internal/config/config.go
index 41b5c42..9aebb3f 100644
--- a/backend/services/ws/internal/config/config.go
+++ b/backend/services/ws/internal/config/config.go
@@ -15,6 +15,7 @@ type Config struct {
 	Auth          bool   // server auth enable/disable
 	Token         string // controller auth token
 	ControllerEID string // controller endpoint id
+	Tls           bool   // enable/diable websockets server tls
 }
 
 func NewConfig() Config {
@@ -36,6 +37,7 @@ func NewConfig() Config {
 	flToken := flag.String("token", lookupEnvOrString("SERVER_AUTH_TOKEN", ""), "Controller auth token")
 	flAuth := flag.Bool("auth", lookupEnvOrBool("SERVER_AUTH_ENABLE", false), "Server auth enable/disable")
 	flControllerEid := flag.String("controller-eid", lookupEnvOrString("CONTROLLER_EID", "oktopusController"), "Controller eid")
+	flTls := flag.Bool("tls", lookupEnvOrBool("SERVER_TLS_ENABLE", false), "Enable/diable websockets server tls")
 	flHelp := flag.Bool("help", false, "Help")
 	flag.Parse()
 	/* -------------------------------------------------------------------------- */
@@ -50,6 +52,7 @@ func NewConfig() Config {
 		Token:         *flToken,
 		Auth:          *flAuth,
 		ControllerEID: *flControllerEid,
+		Tls:           *flTls,
 	}
 }
 
diff --git a/backend/services/ws/internal/ws/ws.go b/backend/services/ws/internal/ws/ws.go
index 6222c29..8f62ea1 100644
--- a/backend/services/ws/internal/ws/ws.go
+++ b/backend/services/ws/internal/ws/ws.go
@@ -24,12 +24,19 @@ func StartNewServer(c config.Config) {
 		handler.ServeController(w, r, c.Token, c.ControllerEID, c.Auth)
 	})
 
-	log.Println("Websockets server running")
-
 	go func() {
-		err := http.ListenAndServe(c.Port, r)
-		if err != nil {
-			log.Fatal("ListenAndServe: ", err)
+		if c.Tls {
+			log.Println("Websockets server running with TLS")
+			err := http.ListenAndServeTLS(c.Port, "cert.pem", "key.pem", r)
+			if err != nil {
+				log.Fatal("ListenAndServeTLS: ", err)
+			}
+		} else {
+			log.Println("Websockets server running")
+			err := http.ListenAndServe(c.Port, r)
+			if err != nil {
+				log.Fatal("ListenAndServe: ", err)
+			}
 		}
 	}()
 }