diff --git a/gonx.conf b/gonx.conf
index 119ddc8..2b35a4c 100644
--- a/gonx.conf
+++ b/gonx.conf
@@ -7,3 +7,4 @@ AcmeChallengePath = "/var/lib/letsencrypt" # Path for ACME challenge files
 [TLS]
 # "www.example.com" = "file:/srv/http"
 # "git.example.com" = "tcp://127.0.0.1:8001"
+# "unix.example.com" = "unix:///var/lib/app/app.socket"
diff --git a/mapping.go b/mapping.go
index 0fced0c..55dc715 100644
--- a/mapping.go
+++ b/mapping.go
@@ -39,7 +39,18 @@ func (h HostMapping) Add(host, outputUrlStr string) error {
 					slog.Debug(err.Error())
 					continue
 				}
-				go func() { _ = handleProxy(conn.(*tls.Conn), pd.Output) }()
+				go func() { _ = handleTcp(conn.(*tls.Conn), pd.Output) }()
+			}
+		}(pd)
+	case "unix":
+		go func(pd ProxyDirection) {
+			for {
+				conn, err := pd.listener.Accept()
+				if err != nil {
+					slog.Debug(err.Error())
+					continue
+				}
+				go func() { _ = handleUnix(conn.(*tls.Conn), pd.Output) }()
 			}
 		}(pd)
 	default:
@@ -68,7 +79,7 @@ func handleTlsConn(conn *tls.Conn, hosts HostMapping) error {
 	return nil
 }
 
-func handleProxy(conn *tls.Conn, outputUrl *url.URL) error {
+func handleTcp(conn *tls.Conn, outputUrl *url.URL) error {
 	c, err := net.Dial(outputUrl.Scheme, outputUrl.Host)
 	if err != nil {
 		return fmt.Errorf("dial: %v", err)
@@ -94,3 +105,30 @@ func handleProxy(conn *tls.Conn, outputUrl *url.URL) error {
 
 	return nil
 }
+
+func handleUnix(conn *tls.Conn, outputUrl *url.URL) error {
+	c, err := net.Dial(outputUrl.Scheme, outputUrl.Host+outputUrl.Path)
+	if err != nil {
+		return fmt.Errorf("dial: %v", err)
+	}
+	defer c.Close()
+
+	wg := new(sync.WaitGroup)
+	wg.Add(2)
+
+	go func() {
+		defer wg.Done()
+
+		_, _ = io.Copy(conn, c)
+	}()
+
+	go func() {
+		defer wg.Done()
+
+		_, _ = io.Copy(c, conn)
+	}()
+
+	wg.Wait()
+
+	return nil
+}