diff --git a/.gitignore b/.gitignore index 7691484ad..690249e9d 100644 --- a/.gitignore +++ b/.gitignore @@ -8,6 +8,9 @@ .env *.code-workspace +# certs +*.pem + # Old OS3 files and folders .coverage .mypy_cache diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index a72fa9cbe..602791d8e 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -1,10 +1,30 @@ # Development of OpenSlides 4 +## Requirements + +You need git, bash, docker, docker-compose, make and go installed. + +Go is needed to install https://github.com/FiloSottile/mkcert. The development setup uses HTTPS per default. OpenSlides does not work with HTTP anymore since features are required (like http2) that only works in a secure environment. + ## First time checkout -After cloning the repository you need to initialize all submodules, before you can start the development setup +Clone this repository: + + $ git clone git@github.com:OpenSlides/OpenSlides.git + $ git checkout openslides4-dev + +TODO: use `--recurse-submodules`, when master is OS4 + +After checking out the os4-branch you need to initialize all submodules and install a root-cert: $ git submodule update --init + $ go get https://github.com/FiloSottile/mkcert + $ sudo mkcert -install + +If you get an error, you might need to install `certutil`. For Debian: `sudo apt install libnss3-tools`. + +Finally, start the dev server: + $ make run-dev ## Running tests diff --git a/Makefile b/Makefile index 5955a88e4..47cbf8bef 100644 --- a/Makefile +++ b/Makefile @@ -26,3 +26,6 @@ build-prod: run-prod: | build-prod docker-compose -f docker-compose.yml -f docker-compose.prod.yml up + +reload-haproxy: + docker-compose -f docker-compose.yml -f docker-compose.dev.yml kill -s HUP haproxy diff --git a/README.md b/README.md index 7705632a6..c7e2d3103 100644 --- a/README.md +++ b/README.md 
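Review bot: In the root Makefile the new `reload-haproxy` target names a command, not a file, and nothing in the hunk marks it phony; unless a `.PHONY` line outside the hunk already lists it, add `.PHONY: reload-haproxy`. A short comment above it would help, for example `# Send SIGHUP to the dev haproxy container so it reloads its configuration`. haproxy/Dockerfile.dev in this same commit copies haproxy.cfg and combined.pem into the image, so unless the dev compose file (not shown here) mounts them over those paths, the reload re-reads the baked-in copies and will not pick up a regenerated certificate or edited config.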
@@ -18,6 +18,8 @@ Read more about our [concept of OpenSlides 4.0](https://github.com/OpenSlides/Op ## Installation +NOTE: Do not use prod at the moment. It will not work. Please refer to the DEVELOPMENT.md! + Required software: Docker, docker-compose, make, git For a non-development setup, clone this repo and run it via docker compose. The make command is a handy shortcut for this: diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile index eeb2854df..0984eabcb 100644 --- a/haproxy/Dockerfile +++ b/haproxy/Dockerfile @@ -1,4 +1,4 @@ -FROM haproxy +FROM haproxy:2.0-alpine COPY src/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg COPY src/prod-haproxy.cfg /usr/local/etc/haproxy/prod-haproxy.cfg CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/prod-haproxy.cfg"] diff --git a/haproxy/Dockerfile.dev b/haproxy/Dockerfile.dev index 4f60b1762..f21ee206a 100644 --- a/haproxy/Dockerfile.dev +++ b/haproxy/Dockerfile.dev @@ -1,4 +1,5 @@ -FROM haproxy +FROM haproxy:2.0-alpine COPY src/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg COPY src/dev-haproxy.cfg /usr/local/etc/haproxy/dev-haproxy.cfg +COPY src/combined.pem /usr/local/etc/haproxy/combined.pem CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/dev-haproxy.cfg"] diff --git a/haproxy/Makefile b/haproxy/Makefile index 740241b68..84cee3f81 100644 --- a/haproxy/Makefile +++ b/haproxy/Makefile @@ -1,2 +1,3 @@ build-dev: + ./prepare-cert.sh docker build -t openslides-haproxy-dev -f Dockerfile.dev . diff --git a/haproxy/prepare-cert.sh b/haproxy/prepare-cert.sh new file mode 100755 index 000000000..a15b91942 --- /dev/null +++ b/haproxy/prepare-cert.sh 
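Review bot: `FROM haproxy:2.0-alpine` in haproxy/Dockerfile (and the same line in haproxy/Dockerfile.dev) still tracks a moving tag, so two builds of the same commit can produce different TLS-terminating proxies depending on what the registry serves at build time. Pinning the digest makes the base image reviewable and reproducible: `FROM haproxy:2.0-alpine@sha256:<digest-of-the-reviewed-image>`, with the digest refreshed deliberately when patch releases are taken. Separately, this image copies no certificate while the shared haproxy.cfg now binds with `crt /usr/local/etc/haproxy/combined.pem`, which is presumably why the README marks prod as not working; a comment here saying so would save the next reader the search.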
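Review bot: `COPY src/combined.pem /usr/local/etc/haproxy/combined.pem` in haproxy/Dockerfile.dev writes the private key into an image layer, where it stays readable to anyone who can pull, save or inspect `openslides-haproxy-dev`. The key only vouches for localhost under the developer's own mkcert root, so the exposure is limited, but the pattern is easy to carry over to a real certificate later. Consider dropping the COPY and mounting the file read-only from the dev compose file instead, e.g. `./haproxy/src/combined.pem:/usr/local/etc/haproxy/combined.pem:ro`; that also lets a regenerated certificate take effect without rebuilding the image.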
@@ -0,0 +1,17 @@ +#!/bin/bash + +set -e +cd "$(dirname "$0")" + +# check, if we already generated a cert +combined="src/combined.pem" + +if [[ ! -f $combined ]]; then + echo "Creating certificates..." + cd src + mkcert -cert-file localhost.pem -key-file localhost-key.pem localhost 127.0.0.1 + cat localhost.pem localhost-key.pem > combined.pem + echo "done" +else + echo "Certificate exists." +fi diff --git a/haproxy/src/dev-haproxy.cfg b/haproxy/src/dev-haproxy.cfg index aada18779..75a1aa96c 100644 --- a/haproxy/src/dev-haproxy.cfg +++ b/haproxy/src/dev-haproxy.cfg @@ -1,5 +1,4 @@ backend backend_client mode http + timeout tunnel 1h server client client:9001 resolvers docker_resolver no-check - timeout server 60s - timeout connect 60s diff --git a/haproxy/src/haproxy.cfg b/haproxy/src/haproxy.cfg index 3c1862444..22d2008da 100644 --- a/haproxy/src/haproxy.cfg +++ b/haproxy/src/haproxy.cfg @@ -1,12 +1,23 @@ +global + log stdout format raw local0 debug -frontend http - bind *:8000 +defaults + option http-use-htx + timeout connect 10s + timeout client 10s + timeout client-fin 10s + timeout server 10s + timeout server-fin 10s + timeout check 10s + timeout tunnel 10s + log global + option httplog + +frontend https mode http - option http-keep-alive + bind *:8000 ssl crt /usr/local/etc/haproxy/combined.pem alpn h2,http/1.1 default_backend backend_client # this is defined in the dev-*/prod-* file - timeout client 60s - acl action path_beg -i /system/action use_backend backend_action if action 
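Review bot: In haproxy/prepare-cert.sh, `cat localhost.pem localhost-key.pem > combined.pem` creates the combined key file under the caller's umask, which on most setups leaves the private key readable by other local users; adding `umask 077` right after `set -e` keeps everything the script writes owner-only. The existence test on `src/combined.pem` is also the only freshness check: the shell creates the file before `cat` runs, so a failed `cat` leaves a truncated file that the next run reports as "Certificate exists.", and an expired certificate is never regenerated. Writing to a temporary name and renaming on success (`cat localhost.pem localhost-key.pem > combined.pem.tmp && mv combined.pem.tmp combined.pem`) closes the first gap. A header comment stating that the generated files are development-only and must never be deployed would also be useful.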
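Review bot: The new `bind *:8000 ssl crt /usr/local/etc/haproxy/combined.pem alpn h2,http/1.1` line in haproxy/src/haproxy.cfg sets no protocol floor, and the added `global` section has no `ssl-default-bind-options`, so the accepted TLS versions are whatever the pinned 2.0 build defaults to (as far as I know, lower than the TLSv1.2 floor of later releases). I would add `ssl-default-bind-options ssl-min-ver TLSv1.2` under `global`. Two development-flavoured settings also land in this shared file, which haproxy/Dockerfile copies for production as well: the `debug` log level and the mkcert certificate path; a comment marking them as development defaults would help whoever repairs the prod setup. The `frontend https` block continues past the end of the hunk.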
@@ -30,23 +41,16 @@ resolvers docker_resolver backend backend_action mode http server action backend:9002 resolvers docker_resolver check - timeout connect 60s - timeout server 60s backend backend_presenter mode http server presenter backend:9003 resolvers docker_resolver check - timeout connect 60s - timeout server 60s backend backend_autoupdate mode http - server autoupdate autoupdate:9012 resolvers docker_resolver check - timeout connect 60s - timeout server 60s + timeout server 1h + server autoupdate autoupdate:9012 resolvers docker_resolver check ssl verify none alpn h2 backend backend_auth mode http - server auth auth:9004 resolvers docker_resolver check - timeout connect 60s - timeout server 60s \ No newline at end of file + server auth auth:9004 resolvers docker_resolver check \ No newline at end of file diff --git a/haproxy/src/prod-haproxy.cfg b/haproxy/src/prod-haproxy.cfg index c03d7244d..4347ff90a 100644 --- a/haproxy/src/prod-haproxy.cfg +++ b/haproxy/src/prod-haproxy.cfg @@ -1,5 +1,3 @@ backend backend_client mode http server client client:9001 resolvers docker_resolver check - timeout server 60s - timeout connect 60s diff --git a/openslides-autoupdate-service b/openslides-autoupdate-service index 94c3da7f7..ce94d1321 160000 --- a/openslides-autoupdate-service +++ b/openslides-autoupdate-service @@ -1 +1 @@ -Subproject commit 94c3da7f70c76931cf426ea199eada3639dd27af +Subproject commit ce94d13217edc72f7d53e94fb93864d183cb53d3 diff --git a/openslides-client b/openslides-client index 065b42aff..197d55208 160000 --- a/openslides-client +++ b/openslides-client @@ -1 +1 @@ -Subproject commit 065b42afff8a3bbd5568b1557f965363a97542c0 +Subproject commit 197d552083287d418387556b99a755fa81abb29a
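Review bot: `ssl verify none` on the `backend_autoupdate` server line in haproxy/src/haproxy.cfg encrypts the hop to autoupdate but accepts any certificate, so the proxy cannot distinguish the real service from anything else that answers as `autoupdate:9012` on the compose network. Because this file is also the base config copied by the production Dockerfile, the relaxation is not limited to development. Prefer `ssl verify required ca-file <path-to-ca.pem> alpn h2` (placeholder path) once the autoupdate service has a certificate from a known CA. If verification is deliberately off because that service presents a self-signed certificate, say so in a comment on that line so the setting is revisited before production use.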