diff --git a/intern/docker_omada/templates/docker-compose.yml b/intern/docker_omada/templates/docker-compose.yml
index 2208464f8399667ce204a9c08c9fab61f6bd366a..9b0923a55fcc3395b9d6a6000780875fb0eea500 100644
--- a/intern/docker_omada/templates/docker-compose.yml
+++ b/intern/docker_omada/templates/docker-compose.yml
@@ -20,14 +20,16 @@ services:
     sysctls:
       - net.ipv4.ip_unprivileged_port_start=0
     volumes:
+      - "{{ certFile }}:/cert/tls.crt:ro"
+      - "{{ keyFile }}:/cert/tls.key:ro"
       - "{{ basedir }}/data:/opt/tplink/EAPController/data"
       - "{{ basedir }}/logs:/opt/tplink/EAPController/logs"
     environment:
       TZ: Europe/Berlin
       PUID: 508
       PGID: 508
-      MANAGE_HTTP_PORT: 80
-      MANAGE_HTTPS_PORT: 443
+      MANAGE_HTTP_PORT: 8088
+      MANAGE_HTTPS_PORT: 8043
       PORTAL_HTTP_PORT: 8088
       PORTAL_HTTPS_PORT: 8843
       PORT_ADOPT_V1: 29812
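Review bot: The key bind-mounted at `{{ keyFile }}:/cert/tls.key:ro` is set in the site.yml hunk to `/srv/traefik/warpzone+internal+services.key`, which by its name looks like the key Traefik uses for all internal services. Sharing it with the Omada container means a compromise of the controller would expose the key for every hostname that certificate covers; a dedicated certificate and key for `omada.warpzone.lan` would contain that. The container is configured with `PUID: 508`, so the key presumably has to be readable by that uid on the host. A separate group-readable copy is safer than loosening permissions on Traefik's own file. With the management ports moved off 80/443, the `net.ipv4.ip_unprivileged_port_start=0` sysctl may no longer be needed and could be dropped if no other listener (not all are visible in this hunk) binds below 1024.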
@@ -44,10 +46,9 @@ services:
       - traefik.enable=true
       - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
       - traefik.http.routers.{{ servicename }}.entrypoints=websecure
-      - traefik.http.services.{{ servicename }}.loadbalancer.serversTransport={{ servicename }}
-      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=443
-      - traefik.http.services.{{ servicename }}.loadbalancer.server.scheme=https
-      - traefik.http.serversTransports.{{ servicename }}.insecureSkipVerify=true
+      - "traefik.http.routers.{{ servicename }}.middlewares={{ servicename }}-redirect"
+      - "traefik.http.middlewares.{{ servicename }}-redirect.redirectregex.regex=(.)*"
+      - "traefik.http.middlewares.{{ servicename }}-redirect.redirectregex.replacement=https://{{ domain }}:8043"
     networks:
       - default
       - web
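Review bot: The new `{{ servicename }}-redirect` middleware sends every request to `https://{{ domain }}:8043`, so clients then reach the controller directly and any middleware or TLS options configured in Traefik no longer apply to the management UI. That should be a deliberate choice and deserves a comment above the labels, e.g. `# Traefik only redirects; the controller terminates TLS itself on 8043 using the mounted cert`. The regex `(.)*` also drops the request path and query string. Capturing them with `redirectregex.regex=^https?://[^/]+/?(.*)` and `redirectregex.replacement=https://{{ domain }}:8043/$${1}` (`$$` escapes Compose interpolation) would keep deep links working. The service definition continues outside the hunk, so how port 8043 is published on the host is not visible here.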
diff --git a/site.yml b/site.yml
index 4f9e2907c9e4eed08ff51802a693a9bd371aa6bd..d2de75f704dbd0a2e5e52f5725ad837d1e49dd8b 100644
--- a/site.yml
+++ b/site.yml
@@ -86,7 +86,9 @@
         role: intern/docker_omada, tags: omada,
         servicename: omada,
         basedir: /srv/omada,
-        domain: "omada.warpzone.lan"
+        domain: "omada.warpzone.lan",
+        certFile: "/srv/traefik/warpzone+internal+services.pem",
+        keyFile: "/srv/traefik/warpzone+internal+services.key"
       }  
     - { 
         role: intern/docker_unifi, tags: unifi,