diff --git a/Caddyfile b/Caddyfile
new file mode 100644
index 0000000..ee5b1c0
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1,7 @@
+{
+  local_certs
+}
+
+nodeauth.dev {
+  reverse_proxy 127.0.0.1:3000
+}
\ No newline at end of file
diff --git a/src/accounts/user.js b/src/accounts/user.js
index f50c20e..4c3cac7 100644
--- a/src/accounts/user.js
+++ b/src/accounts/user.js
@@ -60,11 +60,13 @@ export async function refreshTokens(sessionToken, userId, reply) {
         path: "/",
         domain: "localhost",
         httpOnly: true,
+        secure: true,
         expires: refreshExpires,
       }).setCookie('accessToken', accessToken, {
         path: "/",
         domain: "localhost",
         httpOnly: true,
+        secure: true,
       })
   } catch (e) {
     console.error(e)