diff --git a/main.go b/main.go
index ee57055..aac1c1a 100644
--- a/main.go
+++ b/main.go
@@ -21,9 +21,10 @@ type Server struct {
 transport *http.Transport
 whitelist []string
 bypass []string
+ secure []string
 }
 
-func NewServer(addr, clientcrt, clientkey, servercrt string, whitelist []string, bypass []string) (*Server, error) {
+func NewServer(addr, clientcrt, clientkey, servercrt string, whitelist, bypass, secure []string) (*Server, error) {
 caCert, err := ioutil.ReadFile(servercrt)
 if err != nil {
 return nil, err
@@ -49,6 +50,7 @@ func NewServer(addr, clientcrt, clientkey, servercrt string, whitelist []string,
 },
 whitelist: whitelist,
 bypass: bypass,
+ secure: secure,
 }, nil
 }
 
@@ -57,20 +59,24 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 fixScheme(r)
 // if not from localhost
 if !fromLocalhost(r.RemoteAddr) {
- logger.Log("not from localhost", r.RemoteAddr)
+ logger.Log("Denying non-localhost", r.RemoteAddr)
 denyAccess(w)
 return
 }
 if !toWhitelist(s.whitelist, r.URL.Host) {
- logger.Log("not to whitelist", r.URL.Host)
+ logger.Log("Denying non-whitelisted", r.URL.Host)
 denyAccess(w)
 return
 }
 if toWhitelist(s.bypass, r.URL.Host) {
- //logger.Log("Bypassing", r.URL.String())
+ logger.Log("Bypassing", r.URL.String())
 s.passthrough(w, r)
 return
 }
+ if toWhitelist(s.secure, r.URL.Host) {
+ logger.Log("Securing", r.URL.String(), r.Host)
+ r.URL.Scheme = "https"
+ }
 //logger.Log("Proxying", r.URL.String())
 // proxy via stuncaddsies
 s.handleHTTP(w, r)
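Review bot: NewServer now takes three adjacent `[]string` parameters (`whitelist, bypass, secure`), so a transposed argument at a call site still compiles and silently changes which hosts are passed through and which get the https rewrite. The new `secure` field is also undocumented; I would add `// secure lists hosts whose requests are rewritten to https before proxying` above it in the Server struct. Consider taking the three lists in a small options struct with named fields so the call site states which list is which. NewServer's body continues outside the hunk.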
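Review bot: The `Bypassing` and `Securing` log calls in ServeHTTP write `r.URL.String()`, which includes the query string, so any token or signature carried in a request URL ends up in the proxy log; the deny branches above log only the host. I would log the host instead, `logger.Log("Securing", r.URL.Host)` and `logger.Log("Bypassing", r.URL.Host)`, and drop `r.Host`, which is a client-supplied header, unless logger.Log is known to escape it. Note also that the bypass check returns before the `secure` check runs, so a host on both lists is passed through without the https rewrite; if that ordering is intended it deserves a comment such as `// bypass wins over secure`. ServeHTTP starts and ends outside the hunk.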
@@ -205,14 +211,16 @@ func main() {
 "port": "8888",
 "whitelist": "192.168.0.86,,bel.house,,minio.gcp.blapointe.com",
 "bypass": "plex.tv",
+ "secure": "gcp.blapointe.com",
 })
 if !strings.HasPrefix(conf["port"], ":") {
 conf["port"] = ":" + conf["port"]
 }
 whitelist := strings.Split(conf["whitelist"], ",,")
 bypass := strings.Split(conf["bypass"], ",,")
+ secure := strings.Split(conf["secure"], ",,")
 logger.Log(conf)
- server, err := NewServer(conf["stunaddr"], conf["clientcrt"], conf["clientkey"], conf["servercrt"], append(whitelist, bypass...), bypass)
+ server, err := NewServer(conf["stunaddr"], conf["clientcrt"], conf["clientkey"], conf["servercrt"], append(whitelist, bypass...), bypass, secure)
 if err != nil {
 logger.Fatal(err)
 }
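Review bot: `strings.Split(conf["secure"], ",,")` returns a slice holding one empty string when the option is empty, so clearing `secure` does not produce an empty list. toWhitelist is not shown, but the default `gcp.blapointe.com` is presumably meant to cover the whitelisted `minio.gcp.blapointe.com`, which suggests suffix or substring matching; under such matching the empty entry would match every host and rewrite all proxied requests to https. Guard the split with `var secure []string` and `if conf["secure"] != "" { secure = strings.Split(conf["secure"], ",,") }`, and confirm that toWhitelist only matches at a domain-label boundary. The existing `bypass` line has the same shape and would deserve the same guard. main starts and ends outside the hunk.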