diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 243622e353bfc79615d09c8af22ae456327259f3..a73657fdda16085abc1faf98063c87e2c783c4d7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,8 +10,7 @@ stages:
 script: |
 mkdir -p ~/.docker && echo "$DOCKER_AUTH_CONFIG" >~/.docker/config.json
 export suffix=`expr $CI_COMMIT_TAG ':' '2.4-\(.*\)'`
- cd 2.4
- docker build --pull -t ubleipzig/vufind-httpd:2.4 .
+ docker build --pull -t ubleipzig/vufind-httpd:2.4 -f 2.4/Dockerfile 2.4
 docker push ubleipzig/vufind-httpd:2.4
 for tag in "latest" "2" "2.4-${suffix}"; do
 docker tag ubleipzig/vufind-httpd:2.4 ubleipzig/vufind-httpd:${tag}
@@ -32,8 +31,7 @@ vufind1:
 script: |
 mkdir -p ~/.docker && echo "$DOCKER_AUTH_CONFIG" >~/.docker/config.json
 export suffix=`expr ${CI_COMMIT_TAG} ':' 'vufind1-2.4-\(.*\)'`
- cd vufind1
- docker build --pull -t ubleipzig/vufind-httpd:vufind1 .
+ docker build --pull -t ubleipzig/vufind-httpd:vufind1 -f 2.4/vufind1/Dockerfile 2.4/vufind1
 docker push ubleipzig/vufind-httpd:vufind1
 for tag in "2" "2.4" "2.4-${suffix}"; do
 docker tag ubleipzig/vufind-httpd:vufind1 ubleipzig/vufind-httpd:vufind1-${tag}
diff --git a/2.4/Dockerfile b/2.4/Dockerfile
index 475d7a908e5f734cfe08a2225965553cb2545698..7f8f64ab40089943f4a80fb8e22540fbd702b578 100644
--- a/2.4/Dockerfile
+++ b/2.4/Dockerfile
@@ -5,6 +5,11 @@ CMD ["httpd-foreground"]
 ENV BASE_PATH=""
 ADD assets/docker-entrypoint /docker-entrypoint
-RUN chmod a+x /docker-entrypoint
 ADD assets/httpd.conf /usr/local/apache2/conf/httpd.conf
+
+RUN chmod a+x /docker-entrypoint \
+ && apk add --no-cache openssl \
+ && openssl genrsa -out /usr/local/apache2/conf/server.key 2048 \
+ && openssl req -nodes -new -x509 -newkey rsa:4096 -subj "/CN=localhost" -keyout /usr/local/apache2/conf/server.key -out /usr/local/apache2/conf/server.crt -days 3650 \
+ && apk del --no-cache openssl
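Review bot: The added `RUN` step in 2.4/Dockerfile creates `server.key` at build time, so the private key is stored in an image layer and is identical for everyone who pulls the image that the CI job in this commit pushes. Any container started with `-D ssl` and no mounted key then serves TLS with a key that is readable from the published image, which the README's "not meant for production" remark only partly covers. Consider generating the pair at container start in `/docker-entrypoint` when no key is mounted (the script is not part of this diff, and this means keeping `openssl` installed), or refusing to start under `-D ssl` unless a key is provided. Separately, the `openssl genrsa ... 2048` line is redundant, because `openssl req -newkey rsa:4096 -keyout` writes the same path and replaces the file; that line can be dropped.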
diff --git a/2.4/assets/httpd.conf b/2.4/assets/httpd.conf
index ec598a3992dfd0171fb7a3eb486263853dbb85b7..4781ffb03190324fdf99139b5b9ac1a9685f46ab 100644
--- a/2.4/assets/httpd.conf
+++ b/2.4/assets/httpd.conf
@@ -88,10 +88,7 @@ LoadModule auth_basic_module modules/mod_auth_basic.so
 #LoadModule allowmethods_module modules/mod_allowmethods.so
 #LoadModule isapi_module modules/mod_isapi.so
 #LoadModule file_cache_module modules/mod_file_cache.so
-#LoadModule cache_module modules/mod_cache.so
 #LoadModule cache_disk_module modules/mod_cache_disk.so
-#LoadModule cache_socache_module modules/mod_cache_socache.so
-#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 #LoadModule socache_dbm_module modules/mod_socache_dbm.so
 #LoadModule socache_memcache_module modules/mod_socache_memcache.so
 #LoadModule watchdog_module modules/mod_watchdog.so
@@ -155,7 +152,12 @@ LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
 #LoadModule session_dbd_module modules/mod_session_dbd.so
 #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
 #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
-#LoadModule ssl_module modules/mod_ssl.so
+<IfDefine ssl>
+ LoadModule ssl_module modules/mod_ssl.so
+ LoadModule cache_module modules/mod_cache.so
+ LoadModule cache_socache_module modules/mod_cache_socache.so
+ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+</IfDefine>
 #LoadModule optional_hook_export_module modules/mod_optional_hook_export.so
 #LoadModule optional_hook_import_module modules/mod_optional_hook_import.so
 #LoadModule optional_fn_import_module modules/mod_optional_fn_import.so
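Review bot: The new `<IfDefine ssl>` block loads `mod_cache` and `mod_cache_socache` together with `mod_ssl`, but nothing visible in this diff configures HTTP caching, and mod_ssl's session cache only needs a socache provider such as `mod_socache_shmcb`. If no `CacheEnable` is intended, the block can be reduced to `LoadModule ssl_module modules/mod_ssl.so` and `LoadModule socache_shmcb_module modules/mod_socache_shmcb.so`, so that switching TLS on does not also widen the set of loaded modules. If response caching is wanted, it should sit behind its own define with a comment, since a shared cache in front of authenticated pages needs deliberate configuration.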
@@ -258,8 +260,8 @@ ServerAdmin you@example.com
 # documents. By default, all requests are taken from this directory, but
 # symbolic links and aliases may be used to point to other locations.
 #
-DocumentRoot "/usr/local/vufind/public"
-<Directory "/usr/local/vufind/public">
+DocumentRoot "/usr/local/apache2/htdocs"
+<Directory "/usr/local/apache2/htdocs">
 #
 # Possible values for the Options directive are "None", "All",
 # or any combination of:
@@ -533,14 +535,13 @@ LogLevel warn
 Include conf/extra/proxy-html.conf
 </IfModule>
-# Secure (SSL/TLS) connections
-#Include conf/extra/httpd-ssl.conf
-#
 # Note: The following must must be present to support
 # starting without SSL on platforms with no /dev/random equivalent
 # but a statically compiled-in mod_ssl.
 #
+# Secure (SSL/TLS) connections
 <IfModule ssl_module>
+Include conf/extra/httpd-ssl.conf
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
 </IfModule>
diff --git a/vufind1/Dockerfile b/2.4/vufind1/Dockerfile
similarity index 100%
rename from vufind1/Dockerfile
rename to 2.4/vufind1/Dockerfile
diff --git a/vufind1/assets/httpd.conf b/2.4/vufind1/assets/httpd.conf
similarity index 100%
rename from vufind1/assets/httpd.conf
rename to 2.4/vufind1/assets/httpd.conf
diff --git a/Docker.md b/Docker.md
index 45de0c3c9c17212da52825d863638f3346c3bf48..94ad074689c6dccf1f6fe596358be445394ccd90 100644
--- a/Docker.md
+++ b/Docker.md
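Review bot: The `DocumentRoot` and `<Directory>` paths in the first httpd.conf hunk here move from `/usr/local/vufind/public` to `/usr/local/apache2/htdocs`, which is unrelated to the SSL work and is not explained in the documentation this commit changes, whose examples still mount VuFind at `/usr/local/vufind`. If static files are still meant to be served from the mounted tree this looks like a regression; if it is intentional, a short comment above `DocumentRoot` stating why the stock htdocs directory is used would record the decision. The `<Directory>` block continues outside the hunk, so its access rules could not be checked against the new path.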
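Review bot: The added `Include conf/extra/httpd-ssl.conf` pulls in a file that is not part of this commit, so the TLS protocol and cipher policy, the listener on 443 and the certificate paths are whatever the base image ships (presumably the stock httpd sample; the `FROM` line is outside the diff). Shipping the project's own copy under `assets/`, or setting the policy explicitly after the include inside `<IfModule ssl_module>`, would make it reviewable and stable across base-image updates, for example `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` plus an explicit `SSLCipherSuite`. The moved `# Secure (SSL/TLS) connections` comment also now follows the `# Note:` paragraph directly, which reads as if both describe the same thing.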
@@ -24,6 +24,27 @@ You can start the webserver as follows:n:
 --environment BASE_PATH=/vufind
 ubleipzig/vufind-httpd
 ```
+## advanced configuration
+
+### SSL
+
+To start containers with ssl-support enabled one has to modify the containers startup command:
+
+ httpd -D FOREGROUND -D ssl
+
+By this apache will load all necessary modules and configuration to enable SSL on port 443. The provided key and certificate are self-signed and not meant for production usage. to provide a valid key and certificate the files `/usr/local/apache2/conf/server.key` and `/usr/local/apache2/conf/server.crt` have to be overridden e.g.
+
+```bash
+$# docker run --name httpd \
+ --link php:php \
+ --volume /path/to/vufind:/usr/local/vufind:ro \
+ --volume /path/to/cache:/var/cache/vufind:ro \
+ --volume /path/to/ssl_key.pem:/usr/local/apache2/conf/server.key:ro \
+ --volume /path/to/ssl_cert.pem:/usr/local/apache2/conf/server.crt \
+ --environment BASE_PATH=/vufind \
+ ubleipzig/vufind-httpd \
+ httpd -D FOREGROUND -D ssl
+```
 ## Notes
diff --git a/Liesmich.md b/Liesmich.md
index 2c75d9252b78aea7f8a15a2c69c15b19477edfc9..b9e2622de8981a721f7a9f17a306a8e40b2fc7a4 100644
--- a/Liesmich.md
+++ b/Liesmich.md
@@ -21,10 +21,32 @@ $# docker run --name httpd \
 --link php:php \
 --volume /path/to/vufind:/usr/local/vufind:ro \
 --volume /path/to/cache:/var/cache/vufind:ro \
- --environment BASE_PATH=/vufind
+ --environment BASE_PATH=/vufind \
 ubleipzig/vufind-httpd
 ```
+## erweiterte Konfiguration
+
+### SSL
+
+Um den Container mit SSL-Unterstützung zu starten, muss der Startbefehl angepasst werden:
+
+ httpd -D FOREGROUND -D ssl
+
+Dadurch werden in Apache2 erforderiche Module und Konfigurationen geladen, um SSL an Port 443 zur Verfügung zu stellen. Als Schlüssel und Zertifikate werden im Image eingebaute selbstignierte Objekte benutzt. Möchte man eigens erstellte Objekte nutzen, so müssen die Dateien `/usr/local/apache2/conf/server.key` und `/usr/local/apache2/conf/server.crt` entsprechend überschrieben werden. z.B.
+
+```bash
+$# docker run --name httpd \
+ --link php:php \
+ --volume /path/to/vufind:/usr/local/vufind:ro \
+ --volume /path/to/cache:/var/cache/vufind:ro \
+ --volume /path/to/ssl_key.pem:/usr/local/apache2/conf/server.key:ro \
+ --volume /path/to/ssl_cert.pem:/usr/local/apache2/conf/server.crt \
+ --environment BASE_PATH=/vufind \
+ ubleipzig/vufind-httpd \
+ httpd -D FOREGROUND -D ssl
+```
+
 ## Anmerkungen
 * Das *vufind1*-Image existiert, um Entwicklern das Umschalten zu VuFind1-Instanzen so einfach wie möglich zu machen. Hier wird keine weitere Arbeit investiert, z.B. funktioniert die Pfad-Konfiguration über die `BASE_PATH`-Variable nicht.