diff --git a/lib/app.js b/lib/app.js
index dc3c2004..33df301d 100644
--- a/lib/app.js
+++ b/lib/app.js
@@ -148,6 +148,14 @@ app.connect = function (callback) {
 app.use(middleware.limitContentLength({limit: app.set('max-request-size')}));
 app.use(express.cookieParser(app.set('session secret')));
 app.use(express.cookieSession({key: 'jsbin', cookie: {maxAge: 365 * 24 * 60 * 60 * 1000}}));
+ // If we're in SSL mode but an insecure connection comes in, redirect to
+ // the SSL version (removing any port information)
+ app.use(function (req, res, next) {
+ if (app.get('url ssl') && !req.secure) {
+ return res.redirect('https://' + req.headers.host.replace(/:.*/, '') + req.url);
+ }
+ next();
+ });
 app.use(express.urlencoded());
 app.use(express.json());
 app.use(middleware.csrf({ ignore: ['/', /^\/api\//] }));
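Review bot: The redirect target in the added middleware is built from `req.headers.host`, which is client-supplied and may be absent, so a request without a Host header throws on `.replace` and any Host value is echoed into the `Location` header. Prefer redirecting to the hostname the app is configured with, if the settings provide one; failing that, guard the header first, e.g. `var host = req.headers.host; if (!host) { return res.send(400); }`. `req.secure` reflects only the direct socket unless Express is told to trust the proxy, so behind a TLS-terminating proxy this could redirect in a loop; a comment stating the assumed deployment would help. The `cookieSession` options in the context lines show no `secure` flag, so the first plain-HTTP request still carries the session cookie and the redirect alone does not protect it. The enclosing `app.connect` body starts and ends outside the hunk.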