diff --git a/omnibus/cookbooks/omnibus-supermarket/recipes/app.rb b/omnibus/cookbooks/omnibus-supermarket/recipes/app.rb
index 518adb195..6ecaf2bf9 100644
--- a/omnibus/cookbooks/omnibus-supermarket/recipes/app.rb
+++ b/omnibus/cookbooks/omnibus-supermarket/recipes/app.rb
@@ -25,7 +25,7 @@
 file 'environment-variables' do
 path "#{node['supermarket']['var_directory']}/etc/env"
- content Supermarket::Config.environment_variables_from(node['supermarket'])
+ content Supermarket::Config.environment_variables_from(node['supermarket'].merge('force_ssl' => node['supermarket']['nginx']['force_ssl']))
 owner node['supermarket']['user']
 group node['supermarket']['group']
 mode '0600'
diff --git a/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb b/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb
index a4d9f2865..2129a6207 100644
--- a/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb
+++ b/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb
@@ -95,11 +95,13 @@
 its('protocols') { should include 'tcp' }
 end
- describe "http GET to Port #{property['supermarket']['nginx']['ssl_port']}" do
- subject { http("http://localhost:#{property['supermarket']['nginx']['ssl_port']}", ssl_verify: false) }
+ describe http("https://#{property['supermarket']['fqdn']}:#{property['supermarket']['nginx']['ssl_port']}", ssl_verify: false) do
 it 'should not include server version number in response headers' do
 expect(subject.headers.server).to cmp('nginx')
 end
+
+ its('headers.keys') { should include('strict-transport-security') }
+ its('headers.Strict-Transport-Security') { should include('max-age=') }
 end
 end
 end
diff --git a/src/supermarket/config/environments/production.rb b/src/supermarket/config/environments/production.rb
index a64113bef..4676078bd 100644
--- a/src/supermarket/config/environments/production.rb
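Review bot: The `content` line writes whatever `node['supermarket']['nginx']['force_ssl']` holds into the env file, and if that attribute is unset it is nil, which the Rails side in this same commit (`ENV["FORCE_SSL"] == "true"`) reads as "off" — so a missing attribute silently disables the HTTPS redirect, HSTS and secure cookies rather than failing loudly. Resolve the value explicitly before the merge and fail safe, e.g. `force_ssl = node['supermarket']['nginx'].fetch('force_ssl', true)` and then `'force_ssl' => force_ssl`, and add a comment above the line saying that the key becomes the `FORCE_SSL` variable consumed by `config/environments/production.rb`. How `Supermarket::Config.environment_variables_from` names and stringifies keys (upcasing, `true.to_s`) is not visible here, so confirm that a boolean attribute really arrives as the literal string `true`. The `file` resource block continues past the end of the hunk.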
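Review bot: `should include('max-age=')` on the `Strict-Transport-Security` header is satisfied by `max-age=0`, which is precisely the value that tells browsers to drop an HSTS policy, so the new assertion does not prove HSTS is enforced; pin a floor instead, e.g. `its('headers.Strict-Transport-Security') { should match(/max-age=\d{8,}/) }`, which is comfortably below Rails' `force_ssl` default (180 days or more depending on Rails version). The two new assertions also refer to the same header by different casings (`strict-transport-security` in `headers.keys`, `Strict-Transport-Security` in the method path); whether both resolve depends on how the InSpec `http` resource normalises header names, so use one spelling and make the check independent of casing if possible. Since the old plain-HTTP probe was removed, nothing here verifies that an `http://` request on the non-TLS port is answered with a redirect to `https://`, which is the other half of what `force_ssl` promises; a second `describe http("http://#{property['supermarket']['fqdn']}:<non-ssl port>")` asserting a 301 with an `https://` `Location` would close that gap. `ssl_verify: false` is fine for a self-signed test certificate but deserves a one-line comment saying so. The enclosing control block begins before the hunk.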
+++ b/src/supermarket/config/environments/production.rb
@@ -47,7 +47,7 @@
 # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
- # config.force_ssl = true
+ config.force_ssl = (ENV["FORCE_SSL"] == "true")
 # Use the lowest log level to ensure availability of diagnostic information
 # when problems arise.
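Review bot: `config.force_ssl = (ENV["FORCE_SSL"] == "true")` fails open: an unset variable (any deployment that does not ship the omnibus env file), or a value like `TRUE` or `1`, turns off the HTTPS redirect, HSTS and secure cookies with no warning, whereas the commented-out default it replaces at least signalled that SSL was expected in production. Invert the default so only an explicit opt-out disables it: `config.force_ssl = ENV.fetch("FORCE_SSL", "true").to_s.downcase != "false"`. Add a comment above it noting that the variable is written by the omnibus `environment-variables` recipe and that, behind the bundled nginx TLS terminator, `force_ssl` relies on `X-Forwarded-Proto` reaching Rails — the nginx template is not in this diff, so confirm it sets that header before relying on the redirect.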