diff --git a/README.md b/README.md
index 9ffa882..9d04a2f 100644
--- a/README.md
+++ b/README.md
@@ -9,8 +9,9 @@ Run in WSL 2 (Ubuntu)
 ## Containers
 
 1. Get DO API key and save to ~/.digitalocean.ini `dns_digitalocean_token = xxxxx`
-1. Create SSL cert for local dev `dc run --entrypoint certbot certbot certonly  --dns-digitalocean --dns-digitalocean-credentials /root/.digitalocean.ini --agree-tos --email hello@rikk.it --domain dev.rikk.it`
-1. 
+1. Create SSL cert for local dev `dc run --entrypoint certbot certbot certonly --dns-digitalocean --dns-digitalocean-credentials /root/.digitalocean.ini --agree-tos --email hello@rikk.it --domain api-dev.rikk.it dev.rikk.it`
+1. Add entries to hosts on Windows `xx.xx.xx.xx		dev.rikk.it api-dev.rikk.it` - IP is `host.docker.internal` resolved
+1. `dc up -d`
 
 # Licence
 
diff --git a/src/proxy/nginx.dev.conf b/src/proxy/nginx.dev.conf
index 6aa7c39..24c0c0f 100644
--- a/src/proxy/nginx.dev.conf
+++ b/src/proxy/nginx.dev.conf
@@ -1,57 +1,37 @@
 
 server {
   listen 80;
-  server_name api-dev.rikk.it;
+  server_name dev.rikk.it test.rikk.it api-dev.rikk.it;
   
   location / {
-    proxy_pass http://backend:1337;
+    return 301 https://$host$request_uri;
   }
 }
 
 server {
-  listen 80;
-  server_name dev.rikk.it;
-  
+  listen 443 ssl;
+  server_name test.rikk.it; # TEMP dev.rikk.it got rate limited :(
+
+  ssl_certificate /etc/letsencrypt/live/test.rikk.it/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/test.rikk.it/privkey.pem;
+  include /etc/letsencrypt/letsencrypt-recommended-ssl.conf;
+  ssl_dhparam /etc/letsencrypt/letsencrypt-dhparams.pem;
+
   location / {
     proxy_pass http://frontend:3000;
   }
 }
 
-# TODO SSL
-
-# server {
-#   listen 80;
-#   server_name dev.rikk.it api-dev.rikk.it;
-  
-#   location / {
-#     return 301 https://$host$request_uri;
-#   }
-# }
-
-# server {
-#   listen 443 ssl;
-#   server_name dev.rikk.it;
-
-#   ssl_certificate /etc/letsencrypt/live/dev.rikk.it/fullchain.pem;
-#   ssl_certificate_key /etc/letsencrypt/live/dev.rikk.it/privkey.pem;
-#   include /etc/letsencrypt/letsencrypt-recommended-ssl.conf;
-#   ssl_dhparam /etc/letsencrypt/letsencrypt-dhparams.pem;
-
-#   location / {
-#     proxy_pass http://frontend:3000;
-#   }
-# }
-
-# server {
-#   listen 443 ssl;
-#   server_name api-dev.rikk.it;
+server {
+  listen 443 ssl;
+  server_name api-dev.rikk.it;
 
-#   ssl_certificate /etc/letsencrypt/live/dev.rikk.it/fullchain.pem;
-#   ssl_certificate_key /etc/letsencrypt/live/dev.rikk.it/privkey.pem;
-#   include /etc/letsencrypt/letsencrypt-recommended-ssl.conf;
-#   ssl_dhparam /etc/letsencrypt/letsencrypt-dhparams.pem;
+  ssl_certificate /etc/letsencrypt/live/api-dev.rikk.it/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/api-dev.rikk.it/privkey.pem;
+  include /etc/letsencrypt/letsencrypt-recommended-ssl.conf;
+  ssl_dhparam /etc/letsencrypt/letsencrypt-dhparams.pem;
 
-#   location / {
-#     proxy_pass http://backend:1337;
-#   }
-# }
+  location / {
+    proxy_pass http://backend:1337;
+  }
+}