diff --git a/.docker/symfony.conf b/.docker/symfony.conf
index 31b608fb..02d83622 100644
--- a/.docker/symfony.conf
+++ b/.docker/symfony.conf
@@ -25,7 +25,7 @@
         CustomLog ${APACHE_LOG_DIR}/access.log combined
 
         # Pass the configuration from the docker env to the PHP environment (here you should list all .env options)
-        PassEnv APP_ENV APP_DEBUG APP_SECRET
+        PassEnv APP_ENV APP_DEBUG APP_SECRET REDIRECT_TO_HTTPS
         PassEnv TRUSTED_PROXIES TRUSTED_HOSTS LOCK_DSN
         PassEnv DATABASE_URL ENFORCE_CHANGE_COMMENTS_FOR DATABASE_MYSQL_USE_SSL_CA DATABASE_MYSQL_SSL_VERIFY_CERT
         PassEnv DEFAULT_LANG DEFAULT_TIMEZONE BASE_CURRENCY INSTANCE_NAME ALLOW_ATTACHMENT_DOWNLOADS USE_GRAVATAR MAX_ATTACHMENT_FILE_SIZE DEFAULT_URI CHECK_FOR_UPDATES ATTACHMENT_DOWNLOAD_BY_DEFAULT
diff --git a/.env b/.env
index 32d149df..85f25ae8 100644
--- a/.env
+++ b/.env
@@ -226,6 +226,9 @@ DEMO_MODE=0
 # In that case all URL contains the index.php front controller in URL
 NO_URL_REWRITE_AVAILABLE=0
 
+# Set to 1, if Part-DB should redirect all HTTP requests to HTTPS. You dont need to configure this, if your webserver already does this.
+REDIRECT_TO_HTTPS=0
+
 # If you want to use fixer.io for currency conversion, you have to set this to your API key
 FIXER_API_KEY=CHANGEME
 
diff --git a/config/parameters.yaml b/config/parameters.yaml
index 13b07a35..82ca4a58 100644
--- a/config/parameters.yaml
+++ b/config/parameters.yaml
@@ -115,6 +115,8 @@ parameters:
   env(USE_GRAVATAR): '0'
   env(MAX_ATTACHMENT_FILE_SIZE): '100M'
 
+  env(REDIRECT_TO_HTTPS): 0
+
   env(ENFORCE_CHANGE_COMMENTS_FOR): ''
 
   env(ERROR_PAGE_ADMIN_EMAIL): ''
diff --git a/docs/configuration.md b/docs/configuration.md
index 32472901..1805ad01 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -196,6 +196,9 @@ See the [information providers]({% link usage/information_provider_system.md %})
 * `NO_URL_REWRITE_AVAILABLE` (allowed values `true` or `false`): Set this value to true, if your webserver does not
   support rewrite. In this case, all URL paths will contain index.php/, which is needed then. Normally this setting do
   not need to be changed.
+* `REDIRECT_TO_HTTPS`: If this is set to true, all requests to http will be redirected to https. This is useful, if your
+  webserver does not already do this (like the one used in the demo instance). If your webserver already redirects to
+  https, you don't need to set this. Ensure that Part-DB is accessible via https, before you enable this setting.
 * `FIXER_API_KEY`: If you want to automatically retrieve exchange rates for base currencies other than euros, you have to
   configure an exchange rate provider API. [Fixer.io](https://fixer.io/) is preconfigured, and you just have to register
   there and set the retrieved API key in this environment variable.
diff --git a/src/EventSubscriber/RedirectToHttpsSubscriber.php b/src/EventSubscriber/RedirectToHttpsSubscriber.php
new file mode 100644
index 00000000..400b50e5
--- /dev/null
+++ b/src/EventSubscriber/RedirectToHttpsSubscriber.php
@@ -0,0 +1,72 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2024 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+
+namespace App\EventSubscriber;
+
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\Security\Http\HttpUtils;
+
+/**
+ * The purpose of this event listener is (if enabled) to redirect all requests to https.
+ */
+final class RedirectToHttpsSubscriber implements EventSubscriberInterface
+{
+
+    public function __construct(
+        #[Autowire('env(bool:REDIRECT_TO_HTTPS)')]
+        private readonly bool $enabled,
+        private readonly HttpUtils $httpUtils)
+    {
+    }
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            KernelEvents::REQUEST => ['onKernelRequest', 0],
+        ];
+    }
+
+    public function onKernelRequest(RequestEvent $event): void
+    {
+        //If the feature is disabled, or we are not the main request, we do nothing
+        if (!$this->enabled || !$event->isMainRequest()) {
+            return;
+        }
+
+
+        $request = $event->getRequest();
+
+        //If the request is already https, we do nothing
+        if ($request->isSecure()) {
+            return;
+        }
+
+
+        //Change the request to https
+        $new_url = str_replace('http://', 'https://' ,$request->getUri());
+        $event->setResponse($this->httpUtils->createRedirectResponse($event->getRequest(), $new_url));
+    }
+}
\ No newline at end of file