diff --git a/roles/prometheus-alert-manager/meta/main.yml b/roles/prometheus-alert-manager/meta/main.yml
new file mode 100644
index 0000000..ff0926f
--- /dev/null
+++ b/roles/prometheus-alert-manager/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: install_nginx
diff --git a/roles/prometheus-alert-manager/tasks/main.yml b/roles/prometheus-alert-manager/tasks/main.yml
index 20652f7..9e432f6 100644
--- a/roles/prometheus-alert-manager/tasks/main.yml
+++ b/roles/prometheus-alert-manager/tasks/main.yml
@@ -20,22 +20,39 @@
 vars:
 args:
 - name: web.listen-address
- value: "{{ lan_address }}:9093"
+ value: "127.0.0.1:9093"
-#- name: Copy the CA cert
-# copy:
-# content: "{{ ca_cert }}"
-# dest: /etc/?/ca.crt
-# notify: Restart Alertmanager
-#
-#- name: Generate certificate
-# include_role:
-# name: generate-cert
-# vars:
-# directory: /etc/?/
-# cname: "alertmanager-{{ lan_address }}"
-# owner: ?
-# group: ?
-# key_mode: u=rw,g=,o=
-# subject_alt_name: "IP:{{ lan_address }}"
-## Need an equivalent to notify here
+- name: Copy the CA cert
+ copy:
+ content: "{{ ca_cert }}"
+ dest: /etc/prometheus/ca.crt
+ notify:
+ - Restart Alertmanager
+ - Reload nginx
+
+- name: Generate certificate
+ include_role:
+ name: generate-cert
+ vars:
+ directory: /etc/prometheus/
+ cname: "alertmanager-{{ lan_address }}"
+ owner: prometheus
+ group: prometheus
+ key_mode: u=rw,g=,o=
+ subject_alt_name: "IP:{{ lan_address }}"
+# Need an equivalent to notify here
+
+# Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
+# Think prometheus, think!
+- name: Copy the nginx config
+ template:
+ src: atrocious_nginx_stub
+ dest: "/etc/nginx/sites-available/internal-alertmanager"
+ notify: Reload nginx
+
+- name: Activate the config
+ file:
+ src: "/etc/nginx/sites-available/internal-alertmanager"
+ dest: "/etc/nginx/sites-enabled/internal-alertmanager"
+ state: link
+ force: yes
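Review bot: The `Generate certificate` include creates the key as `owner: prometheus` with `key_mode: u=rw,g=,o=`, yet within this change the only consumer of `/etc/prometheus/alertmanager-{{ lan_address }}.key` is nginx (the new template), which normally reads certificate files through its root master process; Alertmanager itself now binds plain `127.0.0.1:9093` and has no use for the key, so `owner: root` and `group: root` would keep it unreadable to the Alertmanager process, unless generate-cert needs that owner for reasons not visible here. The `# Need an equivalent to notify here` gap now has a concrete consequence: a regenerated certificate is only picked up when `Reload nginx` happens to fire for another reason, and since handlers notified from inside an included role resolve against the play, generate-cert's own tasks could `notify: Reload nginx` if that handler is in scope there. Minor style: `force: yes` on the symlink task should be `force: true` to keep YAML booleans canonical.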
diff --git a/roles/prometheus-alert-manager/templates/atrocious_nginx_stub b/roles/prometheus-alert-manager/templates/atrocious_nginx_stub
new file mode 100644
index 0000000..e45ab96
--- /dev/null
+++ b/roles/prometheus-alert-manager/templates/atrocious_nginx_stub
@@ -0,0 +1,13 @@
+{{ ansible_managed | comment }}
+
+server {
+ listen {{ lan_address }}:9093 ssl;
+ ssl_certificate /etc/prometheus/alertmanager-{{ lan_address }}.crt;
+ ssl_certificate_key /etc/prometheus/alertmanager-{{ lan_address }}.key;
+ ssl_client_certificate /etc/prometheus/ca.crt;
+ ssl_verify_client on;
+
+ location / {
+ proxy_pass http://127.0.0.1:9093;
+ }
+}
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index 5b62111..817d808 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -34,7 +34,9 @@
 copy:
 content: "{{ ca_cert }}"
 dest: /etc/prometheus/ca.crt
- notify: Restart prometheus
+ notify:
+ - Restart prometheus
+ - Reload nginx
 - name: Setup the prometheus config
 template:
diff --git a/roles/prometheus/templates/prometheus.yml b/roles/prometheus/templates/prometheus.yml
index c2c01c9..f8be17b 100644
--- a/roles/prometheus/templates/prometheus.yml
+++ b/roles/prometheus/templates/prometheus.yml
@@ -15,6 +15,11 @@ alerting:
 alertmanagers:
 - static_configs:
 - targets: ['{{ lan_address }}:9093']
+ scheme: https
+ tls_config:
+ ca_file: '/etc/prometheus/ca.crt'
+ cert_file: '/etc/prometheus/prometheus-{{ lan_address }}.crt'
+ key_file: '/etc/prometheus/prometheus-{{ lan_address }}.key'
 # Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
 rule_files:
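Review bot: `ssl_verify_client on` together with `ssl_client_certificate /etc/prometheus/ca.crt` admits every certificate that CA has signed, so any holder of a cert from this CA (potentially including server certificates such as the Alertmanager one, depending on the key usage generate-cert sets) reaches the full Alertmanager API behind `proxy_pass`; if the CA signs more than the Prometheus client cert, the vhost should be narrowed to the expected client identity. A `map` on `$ssl_client_s_dn` plus a `return 403` in the location does that without a second CA; the expected CN is not on this page, so it is left as a placeholder below. A header comment stating that this vhost exists only to put client-certificate authentication in front of an Alertmanager that listens on loopback without TLS would also help the next reader.
```nginx
{{ ansible_managed | comment }}

# Only the Prometheus client certificate may reach Alertmanager through this vhost.
map $ssl_client_s_dn $alertmanager_client_ok {
    default 0;
    "~CN=<PROMETHEUS_CLIENT_CN>" 1;   # placeholder: the cname generate-cert gives the Prometheus client cert
}

server {
    # … unchanged: listen / ssl_certificate / ssl_certificate_key / ssl_client_certificate / ssl_verify_client …

    location / {
        if ($alertmanager_client_ok = 0) {
            return 403;
        }
        proxy_pass http://127.0.0.1:9093;
    }
}
```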
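Review bot: The new `- Reload nginx` entry in `notify` makes the prometheus role depend on a handler that, as far as this diff shows, only becomes available through the `install_nginx` dependency added to the prometheus-alert-manager role's meta; the prometheus role's own meta is not part of the change, so a play that applies the prometheus role without the Alertmanager role would fail on an undefined handler the first time `ca.crt` changes. Adding the same `dependencies: - role: install_nginx` to roles/prometheus/meta, or a comment on the notify list such as `# Reload nginx is defined by install_nginx; keep that role applied alongside this one`, makes the coupling explicit. The copy task's first line lies outside the hunk.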
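Review bot: `scheme` and `tls_config` are alertmanager_config-level keys, siblings of `static_configs`, and the collapsed diff does not let me confirm they are not indented one level deeper under the `- static_configs:` item; Prometheus unmarshals its config strictly, so a misplaced key is a startup error rather than a silent no-op, and the rendered file is worth checking once. A comment above `scheme: https` such as `# mTLS terminates at the nginx vhost on lan_address:9093; Alertmanager itself listens on loopback without TLS` would tell the next reader why https is used for a service that speaks plain HTTP. Certificate verification here relies on the `IP:{{ lan_address }}` SAN the Alertmanager role requests, so the target should stay an IP literal rather than a hostname.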