diff --git a/TLS.md b/TLS.md index 8866485..020209a 100644 --- a/TLS.md +++ b/TLS.md @@ -1,12 +1,6 @@ This page explains how to add TLS support for Netbox. There are many ways to do this. -## TLS for the world - -In order to setup TLS to serve public traffic to your Netbox it is recommended to set up a reverse proxy that is independent from Netbox. -You can do this by installing a webserver like _nginx_ on your host machine directly or by running it in a container. -But we advise against changing the nginx configuration that ships with Netbox Docker. - ## TLS for localhost This guide is intended for people developing with or on Netbox or Netbox-Docker on their computer. @@ -27,7 +21,25 @@ This should create a file called `localhost+2.pem` and another file called `loca The TLS proxy [`hitch`](https://hitch-tls.org/) needs these files in a combined form: ```bash -cat localhost+2.pem localhost+2-key.pem > localhost+2-full.pem +cat localhost+2.pem localhost+2-key.pem > cert_and_key.pem +``` + +Continue with [TLS Using Hitch](#tls-using-hitch). + +## TLS for the world + +In order to setup TLS to serve public traffic to your Netbox it is recommended to set up a reverse proxy that is independent from Netbox. +You can do this by installing a webserver like _nginx_ on your host machine directly or by running it in a container. +But we advise against changing the nginx configuration that ships with Netbox Docker. + +### TLS Using Hitch + +[Hitch](https://hitch-tls.org/) is a high performance TLS proxy by the people behind the famous Varnish. + +First you need to combine your TLS key and TLS certificate into one file: + +```bash +cat key.pem certificate.pem > cert_and_key.pem ``` To run the TLS proxy [a Docker image of hitch](https://hub.docker.com/r/zazukoians/hitch) can be used. 
@@ -42,13 +54,14 @@ services: tls: image: zazukoians/hitch environment: - HITCH_PEM: /app/localhost.pem # path within the container to the TLS certificate + HITCH_PEM: /app/cert_and_key.pem # path within the container to the TLS certificate HITCH_PARAMS: --backend=[nginx]:8080 --frontend=[*]:443 # listen on *:443 and forward traffic to nginx:8080 depends_on: - nginx volumes: - - ./localhost+2-full.pem:/app/localhost.pem # mount the TLS certificate + - ./cert_and_key.pem:/app/cert_and_key.pem # mount the TLS certificate ports: - 8443:443 # bind the container's port 443 to the host's port 8443 -> https://[::1]:8443 ``` + > NOTE: From **version 0.28.0** and above the `nginx` service is no longer in use. The traffic must be forwarded to the netbox service directly. \ No newline at end of file
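Review bot: in the second hunk (`@@ -27,7 +21,25 @@`) the two concatenation commands that both produce `cert_and_key.pem` disagree on the order of the parts: the localhost section writes the certificate first (`cat localhost+2.pem localhost+2-key.pem > cert_and_key.pem`) while the new "TLS Using Hitch" section writes the key first (`cat key.pem certificate.pem > cert_and_key.pem`). Use one order in both places, and if the order matters for hitch say so in the text, otherwise state that it does not, so readers stop guessing. A second documentation point in the same hunk: readers who follow the new "Continue with [TLS Using Hitch](#tls-using-hitch)" link already hold `cert_and_key.pem`, but the section they land on opens with "First you need to combine your TLS key and TLS certificate into one file" and names `key.pem` and `certificate.pem`, which they do not have; add a sentence there telling localhost readers to skip the combine step.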
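Review bot: in the third hunk (`@@ -42,13 +54,14 @@`) the added note ("From **version 0.28.0** and above the `nginx` service is no longer in use. The traffic must be forwarded to the netbox service directly.") contradicts the compose example directly above it, which still forwards to `--backend=[nginx]:8080` and declares `depends_on: - nginx`. Either update the example to target the netbox service (including the port that service listens on) or show both variants, so a reader on 0.28.0 or later does not copy a configuration whose backend no longer exists. Two smaller points: the volume comment `# mount the TLS certificate` now describes a file that also contains the private key, so say "certificate and key" and remind readers to keep `cert_and_key.pem` out of version control and readable only by the user running compose; and the file loses its trailing newline (`\ No newline at end of file`), which should be restored.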