diff --git a/nginx-site-available/config.tf b/nginx-site-available/config.tf
index 22d79f5..8ae05d1 100644
--- a/nginx-site-available/config.tf
+++ b/nginx-site-available/config.tf
@@ -10,6 +10,7 @@ locals {
 certificate = var.certificate
 basic_auth = var.basic_auth
 auth_file = var.basic_auth != null ? "${var.hostname}-auth.conf" : ""
+ allow_ssl = var.allow_ssl
 allow_non_ssl = var.allow_non_ssl
 redirect_non_ssl = var.redirect_non_ssl
 timeout_seconds = var.timeout_seconds
diff --git a/nginx-site-available/inputs.tf b/nginx-site-available/inputs.tf
index f5dc63d..0ad633f 100644
--- a/nginx-site-available/inputs.tf
+++ b/nginx-site-available/inputs.tf
@@ -25,6 +25,10 @@ variable "basic_auth" {
 })
 default = null
 }
+variable "allow_ssl" {
+ type = bool
+ default = true
+}
 variable "allow_non_ssl" {
 type = bool
 default = false
diff --git a/nginx-site-available/nginx_template.conf b/nginx-site-available/nginx_template.conf
index 463cbc5..9e9dc90 100644
--- a/nginx-site-available/nginx_template.conf
+++ b/nginx-site-available/nginx_template.conf
@@ -24,12 +24,14 @@ server {
 server {
 %{if allow_non_ssl~}
 # Non-SSL Traffic is allowed
- listen ${http_port~}
+ listen ${http_port~};
 listen [::]:${http_port};
 %{endif~}
+%{if allow_ssl~}
 # SSL Traffic is allowed
 listen ${https_port} ssl;
 listen [::]:${https_port} ssl;
+%{endif~}
 server_name ${hostname};
 access_log /var/log/nginx/${hostname}.access.log;
 error_log /var/log/nginx/${hostname}.error.log;
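Review bot: `allow_ssl` is added without a `description`, and nothing rejects `allow_ssl = false` together with the default `allow_non_ssl = false`. In that case the template hunk in nginx_template.conf renders a server block with no `listen` line at all, and nginx then falls back to its default listener (`*:80` when started with superuser privileges), so the site is served over plain HTTP although non-SSL traffic was never allowed. Add `description = "Listen on https_port with TLS; set false only for an HTTP-only site"` and a cross-variable guard such as `condition = var.allow_ssl || var.allow_non_ssl`, placed in a `validation` block on Terraform 1.9 or later, otherwise as a `precondition` on the resource that renders the template. The `variable "allow_non_ssl"` block is closed outside this hunk.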
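Review bot: The new `%{if allow_ssl~}` guard makes an HTTP-only vhost possible while config.tf still passes `basic_auth` and `auth_file` for the same site, and HTTP Basic credentials are only base64-encoded, so on such a vhost they cross the network in cleartext. A comment above the guard would make the trade-off visible, e.g. `# allow_ssl = false leaves only the plain-HTTP listeners; use only behind a TLS-terminating proxy`, and rejecting `basic_auth != null` with `allow_ssl = false` in the module is worth considering. The rest of the server block lies outside the hunk, so whether `ssl_certificate` or other TLS-only directives are still emitted when `allow_ssl` is false cannot be checked here. The `~` in `${http_port~};` no longer has whitespace to strip and could be dropped to match `${http_port}` on the next line.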