diff --git a/config/environments/production.rb b/config/environments/production.rb
index 03085a62..99d6fcff 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -42,7 +42,7 @@ Rails.application.configure do
   # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = SITE_CONFIG['force_ssl']
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.
diff --git a/config/site.yml.tmpl b/config/site.yml.tmpl
index 3bf0d91f..362c8ef6 100644
--- a/config/site.yml.tmpl
+++ b/config/site.yml.tmpl
@@ -25,6 +25,9 @@ secure_cookies: false
 #
 secret_token: "change-me"
 
+# Set to true when your application is running with https
+force_ssl: false
+
 # Configure how static assets (images, stylesheets, etc.) will be served.
 # The best practice is to have a proxying web server such as Apache or Nginx
 # serve static assets (images, stylesheets, javascript) for you. Change