diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md
index d99fef9..0fd1afe 100644
--- a/CI_CD_PIPELINE_SETUP_GUIDE.md
+++ b/CI_CD_PIPELINE_SETUP_GUIDE.md
@@ -558,8 +558,8 @@ services:
 registry-ui:
 image: joxit/docker-registry-ui:latest
- ports:
- - "8080:80"
+ expose:
+ - "80"
 environment:
 - REGISTRY_TITLE=APP_NAME Registry
 - REGISTRY_URL=https://YOUR_CI_CD_IP:5000
@@ -569,6 +569,19 @@ services:
 networks:
 - registry_network
+ nginx:
+ image: nginx:alpine
+ ports:
+ - "8080:443"
+ volumes:
+ - ./ssl:/etc/nginx/ssl:ro
+ - ./nginx.conf:/etc/nginx/nginx.conf:ro
+ depends_on:
+ - registry-ui
+ restart: unless-stopped
+ networks:
+ - registry_network
+
 volumes:
 registry_data:
@@ -583,7 +596,49 @@ exit
 **Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address in the `REGISTRY_URL` environment variable.
-**Note**: The registry now uses HTTPS, which will resolve the crypto.subtle error and provide secure communication.
+**Note**: We added an nginx reverse proxy to handle HTTPS for the registry UI.
+
+#### 4.4.1 Create Nginx Configuration
+
+```bash
+# Switch to SERVICE_USER (registry directory owner)
+sudo su - SERVICE_USER
+
+cat > /opt/registry/nginx.conf << 'EOF'
+events {
+ worker_connections 1024;
+}
+
+http {
+ upstream registry_ui {
+ server registry-ui:80;
+ }
+
+ server {
+ listen 443 ssl;
+ server_name YOUR_CI_CD_IP;
+
+ ssl_certificate /etc/nginx/ssl/registry.crt;
+ ssl_certificate_key /etc/nginx/ssl/registry.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ location / {
+ proxy_pass http://registry_ui;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ }
+}
+EOF
+
+# Exit SERVICE_USER shell
+exit
+```
+
+**Important**: Replace `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address in the nginx configuration.
 #### 4.5 Install Required Tools
@@ -615,11 +670,11 @@ sudo su - SERVICE_USER
 cd /opt/registry
 docker compose ps
-# Test registry API
-curl http://localhost:5000/v2/_catalog
+# Test registry API (HTTPS)
+curl -k https://localhost:5000/v2/_catalog
-# Test registry UI (optional)
-curl -I http://localhost:8080
+# Test registry UI (HTTPS)
+curl -I https://localhost:8080
 # Test Docker push/pull (optional but recommended)
 # Create a test image
@@ -633,8 +688,8 @@ docker build -f /tmp/test.Dockerfile -t localhost:5000/test:latest /tmp
 docker push localhost:5000/test:latest
 # Verify image is in registry
-curl http://localhost:5000/v2/_catalog
-curl http://localhost:5000/v2/test/tags/list
+curl -k https://localhost:5000/v2/_catalog
+curl -k https://localhost:5000/v2/test/tags/list
 # Pull image back (verifies pull works)
 docker rmi localhost:5000/test:latest
@@ -648,7 +703,7 @@ docker rmi localhost:5000/test:latest
 rm /tmp/test.Dockerfile
 # Clean up test repository using registry UI
-# 1. Open your browser and go to: https://YOUR_CI_CD_IP:8080
+# 1. Open your browser and go to: http://YOUR_CI_CD_IP:8080
 # 2. You should see the 'test' repository listed
 # 3. Click on the 'test' repository
 # 4. Click the delete button (trash icon) next to the 'latest' tag
@@ -656,16 +711,24 @@ rm /tmp/test.Dockerfile
 # 6. The test repository should now be removed
 # Verify registry is empty
-curl http://localhost:5000/v2/_catalog
+curl -k https://localhost:5000/v2/_catalog
 # Exit SERVICE_USER shell
 exit
 ```
+**Important Notes:**
+- **Registry API**: Uses HTTPS on port 5000 (secure)
+- **Registry UI**: Uses HTTPS on port 8080 (secure, via nginx reverse proxy)
+- **Access URLs**:
+ - Registry UI: `https://YOUR_CI_CD_IP:8080` (use HTTPS)
+ - Registry API: `https://YOUR_CI_CD_IP:5000`
+- **Browser Access**: Both services now use HTTPS for secure communication
+
 **Expected Output**:
 - `docker-compose ps` should show both `registry` and `registry-ui` as "Up"
-- `curl http://localhost:5000/v2/_catalog` should return `{"repositories":[]}` (empty initially)
-- `curl -I http://localhost:8080` should return HTTP 200
+- `curl -k https://localhost:5000/v2/_catalog` should return `{"repositories":[]}` (empty initially)
+- `curl -I https://localhost:8080` should return HTTP 200
 - Push/pull test should complete successfully
 **If something goes wrong**:
@@ -729,7 +792,7 @@ docker push YOUR_CI_CD_IP:5000/APP_NAME/frontend:latest
 #### **Registry UI Access**
 Public web interface for browsing images:
 ```
-http://YOUR_CI_CD_IP:8080
+https://YOUR_CI_CD_IP:8080
 ```
 #### **Client Configuration**