diff --git a/Dockerfile b/Dockerfile
index c0145fc..12e6075 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,7 +21,8 @@ RUN \
 COPY opt/ /opt
 COPY etc/ /opt/etc
 COPY supervisor-mosquitto.conf /etc/supervisor/conf.d/
-COPY crontab /etc/crontab
+COPY crontab /etc/
+COPY mosquitto.conf-sample /opt/etc/mosquitto/
 
 VOLUME /opt/etc
 VOLUME /opt/data
@@ -35,5 +36,5 @@ EXPOSE 9001/tcp
 
 WORKDIR /opt
 
-CMD [ "/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf" ]
+CMD "/usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 1024 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf"
 
diff --git a/mosquitto.conf-sample b/mosquitto.conf-sample
index 59c2950..e00c041 100644
--- a/mosquitto.conf-sample
+++ b/mosquitto.conf-sample
@@ -8,6 +8,15 @@ protocol mqtt
 #allow_anonymous true
 allow_anonymous false
 
+listener 8883
+protocol mqtt
+#allow_anonymous true
+allow_anonymous false
+certfile /etc/letsencrypt/live/DOMAIN/fullchain.pem
+keyfile /etc/letsencrypt/live/DOMAIN/privkey.pem
+dhparamfile /opt/etc/mosquitto/dh.pem
+tls_version tlsv1.2
+
 auth_plugin /opt/lib/go-auth.so
 auth_opt_log_dest stdout
 auth_opt_log_level debug