diff --git a/integration-tests/conftest.py b/integration-tests/conftest.py
new file mode 100644
index 0000000..ee0ebbd
--- /dev/null
+++ b/integration-tests/conftest.py
@@ -0,0 +1,27 @@
+"""pytest fixtures"""
+
+import os
+
+from pytest import fixture
+
+from tljh.config import CONFIG_FILE, reload_component
+
+
+@fixture
+def preserve_config(request):
+    """Fixture to save and restore config around tests"""
+    if os.path.exists(CONFIG_FILE):
+        with open(CONFIG_FILE) as f:
+            save_config = f.read()
+    else:
+        save_config = None
+    try:
+        yield
+    finally:
+        if save_config:
+            with open(CONFIG_FILE, "w") as f:
+                f.write(save_config)
+        elif os.path.exists(CONFIG_FILE):
+            os.remove(CONFIG_FILE)
+        reload_component("hub")
+        reload_component("proxy")
diff --git a/integration-tests/test_proxy.py b/integration-tests/test_proxy.py
new file mode 100644
index 0000000..a8e114d
--- /dev/null
+++ b/integration-tests/test_proxy.py
@@ -0,0 +1,61 @@
+"""tests for the proxy"""
+import os
+import shutil
+import ssl
+from subprocess import check_call
+import time
+
+import requests
+
+from tljh.config import reload_component, set_config_value, CONFIG_FILE
+
+
+def test_manual_https(preserve_config):
+    ssl_dir = "/etc/tljh-ssl-test"
+    key = ssl_dir + "/ssl.key"
+    cert = ssl_dir + "/ssl.cert"
+    os.makedirs(ssl_dir, exist_ok=True)
+    os.chmod(ssl_dir, 0o600)
+    # generate key and cert
+    check_call(
+        [
+            "openssl",
+            "req",
+            "-nodes",
+            "-newkey",
+            "rsa:2048",
+            "-keyout",
+            key,
+            "-x509",
+            "-days",
+            "1",
+            "-out",
+            cert,
+            "-subj",
+            "/CN=tljh.jupyer.org",
+        ]
+    )
+    set_config_value(CONFIG_FILE, "https.enabled", True)
+    set_config_value(CONFIG_FILE, "https.tls.key", key)
+    set_config_value(CONFIG_FILE, "https.tls.cert", cert)
+    reload_component("proxy")
+    for i in range(10):
+        time.sleep(i)
+        try:
+            server_cert = ssl.get_server_certificate(("127.0.0.1", 443))
+        except Exception as e:
+            print(e)
+        else:
+            break
+    with open(cert) as f:
+        file_cert = f.read()
+
+    # verify that our certificate was loaded by traefik
+    assert server_cert == file_cert
+
+    # verify that we can still connect to the hub
+    r = requests.get("https://127.0.0.1/hub/api", verify=False)
+    r.raise_for_status()
+
+    # cleanup
+    shutil.rmtree(ssl_dir)