diff --git a/configuration/nginx/ssl.nix b/configuration/nginx/ssl.nix
index 28e98ec..56bfa78 100644
--- a/configuration/nginx/ssl.nix
+++ b/configuration/nginx/ssl.nix
@@ -81,10 +81,7 @@
               ../../modules/serviceTests/mocks.nix
             ];
 
-            networking.firewall.allowedTCPPorts = [
-              80
-              443
-            ];
+            networking.firewall.allowedTCPPorts = [ 443 ];
 
             security.acme.certs."tlater.net".extraDomainNames = [ config.services.nginx.domain ];
 
@@ -93,6 +90,7 @@
 
               virtualHosts."${config.services.nginx.domain}" = {
                 useACMEHost = "tlater.net";
+                onlySSL = true;
                 enableHSTS = true;
                 locations."/".return = "200 ok";
               };