diff --git a/zun/cmd/wsproxy.py b/zun/cmd/wsproxy.py
index aa5f94993..798b16e4a 100644
--- a/zun/cmd/wsproxy.py
+++ b/zun/cmd/wsproxy.py
@@ -34,6 +34,9 @@ def main():
     websocketproxy.ZunWebSocketProxy(
         listen_host=host,
         listen_port=port,
+        cert=CONF.websocket_proxy.cert,
+        key=CONF.websocket_proxy.key,
+        ssl_only=CONF.websocket_proxy.ssl_only,
         file_only=True,
         RequestHandlerClass=websocketproxy.ZunProxyRequestHandler
     ).start_server()
diff --git a/zun/conf/websocket_proxy.py b/zun/conf/websocket_proxy.py
index 942c45f5b..872656dbf 100644
--- a/zun/conf/websocket_proxy.py
+++ b/zun/conf/websocket_proxy.py
@@ -78,6 +78,14 @@ Possible values:
 
 * A list where each element is an allowed origin hostnames, else an empty list
 """),
+    cfg.BoolOpt('ssl_only',
+                help="Disallow non-encrypted connections."),
+    cfg.StrOpt('cert',
+               default='',
+               help="Path to SSL certificate file."),
+    cfg.StrOpt('key',
+               default='',
+               help="SSL key file (if separate from cert)."),
 ]
 
 ALL_OPTS = (wsproxy_opts)