diff --git a/README.md b/README.md
index d0016723a9c004165aa9847ac1c98af30b8e433c..82ceed7053254060bfff3c8a445efc72e6d56ccb 100644
--- a/README.md
+++ b/README.md
@@ -92,6 +92,7 @@ Configuration is divided into different sections: `server`, `auth`, `ssh`, and `
 - `use_tls` : boolean. If set `tls_key` and `tls_cert` are required.
 - `tls_key` : string. Path to the TLS key.
 - `tls_cert` : string. Path to the TLS cert.
+- `address` : string. IP address to listen on. If unset the server listens on all addresses.
 - `port` : int. Port to listen on.
 - `cookie_secret`: string. Authentication key for the session cookie.
 - `http_logfile`: string. Path to the HTTP request log. Logs are written in the [Common Log Format](https://en.wikipedia.org/wiki/Common_Log_Format). If not set logs are written to stderr.
diff --git a/cmd/cashierd/main.go b/cmd/cashierd/main.go
index bc7cba449f8d2a2beb8bd2f93cb12031804a3b1b..a989e1272c1fc407785938290c3c241c6bb9bae7 100644
--- a/cmd/cashierd/main.go
+++ b/cmd/cashierd/main.go
@@ -371,7 +371,7 @@ func main() {
 	h := handlers.LoggingHandler(logfile, r)
 
 	fmt.Println("Starting server...")
-	l := fmt.Sprintf(":%d", config.Server.Port)
+	l := fmt.Sprintf("%s:%d", config.Server.Addr, config.Server.Port)
 	if config.Server.UseTLS {
 		log.Fatal(http.ListenAndServeTLS(l, config.Server.TLSCert, config.Server.TLSKey, h))
 	}
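Review bot: The listen address built on the changed line with `fmt.Sprintf("%s:%d", ...)` breaks for IPv6 literals: an `address` of `::1` produces `::1:443`, while the net package expects `[::1]:443`. Prefer `l := net.JoinHostPort(config.Server.Addr, strconv.Itoa(config.Server.Port))`, which brackets IPv6 hosts and still yields `:443` when `Addr` is empty. That needs `net` and `strconv` imported, and the import block is outside this hunk. Because an unset address still means listening on every interface, consider printing the resolved `l` instead of the bare `"Starting server..."` so operators can see where the service is exposed. The body of `main` continues outside the hunk.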
diff --git a/example-server.conf b/example-server.conf
index b9bd0940464f81b462c035a2286d4a1e6845fdee..35a53d123bf46ea7a990bc4ba644abddceb30070 100644
--- a/example-server.conf
+++ b/example-server.conf
@@ -4,6 +4,7 @@ server {
   tls_key = "server.key"  # Path to TLS key
   tls_cert = "server.crt"  # Path to TLS certificate
   port = 443  # Port to listen on
+  address = "127.0.0.1"  # Optional. IP address to listen on.
   cookie_secret = "supersecret"  # Authentication key for the client cookie
   csrf_secret = "supersecret"  # Authentication key for the CSRF token
   http_logfile = "http.log"  # Logfile for HTTP requests
@@ -19,7 +20,7 @@ auth {
   provider_opts {
     domain = "example.com"  # Oauth-provider specific options
   }
-  users_whitelist = ["marco", "niall", "patrick"] # Optional
+  users_whitelist = ["marco@gmail.com", "niall@gmail.com", "patrick@gmail.com"] # Optional
 }
 
 # Configuration for the certificate signer.
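Review bot: The example whitelist now uses `@gmail.com` addresses while `provider_opts` just above still sets `domain = "example.com"`, so a reader copying the file cannot tell whether those users would ever be accepted. Keeping the sample in the reserved example domain avoids that and avoids publishing addresses that may belong to real mailboxes: `users_whitelist = ["marco@example.com", "niall@example.com", "patrick@example.com"]`. The trailing comment could also state the expected format, e.g. `# Optional. Full email addresses as reported by the OAuth provider.` How the whitelist and the domain restriction interact is not visible in this hunk, so confirm the wording against the auth provider code.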
diff --git a/server/config/config.go b/server/config/config.go
index 107ebccec121a721c1676c278a988fc41966c117..dc5e0c5015e5f834bc44b558814c7bc26ae09b57 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -29,6 +29,7 @@ type Server struct {
 	UseTLS       bool   `mapstructure:"use_tls"`
 	TLSKey       string `mapstructure:"tls_key"`
 	TLSCert      string `mapstructure:"tls_cert"`
+	Addr         string `mapstructure:"address"`
 	Port         int    `mapstructure:"port"`
 	CookieSecret string `mapstructure:"cookie_secret"`
 	CSRFSecret   string `mapstructure:"csrf_secret"`
diff --git a/server/config/config_test.go b/server/config/config_test.go
index 6baf76d2a5f699e5a4b99d3fc75d8f06f390c056..5752ad0b83072284e2eb0fb4d4237e0d76f537c8 100644
--- a/server/config/config_test.go
+++ b/server/config/config_test.go
@@ -21,6 +21,7 @@ func TestServerConfig(t *testing.T) {
 	a.Equal(server.TLSKey, "server.key")
 	a.Equal(server.TLSCert, "server.crt")
 	a.Equal(server.Port, 443)
+	a.Equal(server.Addr, "127.0.0.1")
 	a.Equal(server.CookieSecret, "supersecret")
 }
 
diff --git a/testdata/config.go b/testdata/config.go
index 9ad93940f65a857eabe56e2c2fed0aa1f12a18bd..4670ea56367f91c29a4b255d7c47c008a9b70b1c 100644
--- a/testdata/config.go
+++ b/testdata/config.go
@@ -5,6 +5,7 @@ var ServerConfig = []byte(`
 		use_tls = true
 		tls_key = "server.key"
 		tls_cert = "server.crt"
+		address = "127.0.0.1"
 		port = 443
 		cookie_secret = "supersecret"
 	}