diff --git a/ubuntu/sanya.asininetech.net.yml b/ubuntu/sanya.asininetech.net.yml
index 2cb6960..2a44e36 100644
--- a/ubuntu/sanya.asininetech.net.yml
+++ b/ubuntu/sanya.asininetech.net.yml
@@ -14,6 +14,25 @@
         - listen *:80
         - listen [::]:80
         - server_name git.packetcat.ca
+        - return 301 "https://$host$request_uri"
+      git.packetcat.ca.https:
+        - listen *:443 ssl http2
+        - listen [::]:443 ssl http2
+        - server_name git.packetcat.ca
+        - access_log "/var/log/nginx/git.packetcat.ca.access.log"
+        - error_log "/var/log/nginx/git.packetcat.ca.error.log"
+        - ssl_certificate "/etc/ssl/letsencrypt/git.packetcat.ca.crt"
+        - ssl_certificate_key "/etc/ssl/letsencrypt/git.packetcat.ca.pem"
+        - ssl_stapling on
+        - resolver [::1] valid=300s
+        - add_header Strict-Transport-Security max-age=31536000
+        - location / {
+            proxy_pass http://127.0.0.1:3000;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+          }
     nginx_configs:
       gzip:
         - gzip on