diff --git a/gitea.sh b/gitea similarity index 73% rename from gitea.sh rename to gitea index d234c61..2ad5608 100755 --- a/gitea.sh +++ b/gitea @@ -3,7 +3,8 @@ set -e CONTAINER_NAME="gitea" -WEB_PORT="3000" +HTTP_PORT="80" +HTTPS_PORT="443" SSH_PORT="2222" PROFILE_NAME="gitea-profile" ROOT_DISK_SIZE="20GB" @@ -11,6 +12,9 @@ NETWORK_NAME="incusbr0" DB_USER="gitea" DB_PASS="gitea_password" # Default password, can be overridden with -p option +# Get the hostname of the host machine +HOST_DOMAIN=$(hostname -f) + # Function to create the Incus profile create_profile() { local cpu=$1 @@ -61,7 +65,8 @@ install_gitea() { incus config set $CONTAINER_NAME security.nesting=true incus config set $CONTAINER_NAME linux.kernel_modules=overlay,nf_nat incus config device add $CONTAINER_NAME gitea-ssh proxy listen=tcp:0.0.0.0:$SSH_PORT connect=tcp:127.0.0.1:22 - incus config device add $CONTAINER_NAME gitea-web proxy listen=tcp:0.0.0.0:$WEB_PORT connect=tcp:127.0.0.1:3000 + incus config device add $CONTAINER_NAME gitea-http proxy listen=tcp:0.0.0.0:$HTTP_PORT connect=tcp:127.0.0.1:80 + incus config device add $CONTAINER_NAME gitea-https proxy listen=tcp:0.0.0.0:$HTTPS_PORT connect=tcp:127.0.0.1:443 echo "Waiting for network to be ready..." sleep 10 @@ -81,6 +86,25 @@ networks: external: false services: + traefik: + image: traefik:v2.5 + command: + - --providers.docker=true + - --providers.docker.exposedbydefault=false + - --entrypoints.web.address=:80 + - --entrypoints.websecure.address=:443 + - --certificatesresolvers.myresolver.acme.tlschallenge=true + - --certificatesresolvers.myresolver.acme.email=admin@$HOST_DOMAIN + - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json + ports: + - '80:80' + - '443:443' + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - /root/letsencrypt:/letsencrypt + networks: + - gitea + server: image: gitea/gitea:latest container_name: gitea 
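Review bot: `HOST_DOMAIN=$(hostname -f)` in the `@@ -11,6 +12,9 @@` hunk is used without validation, and later hunks feed it into the ACME e-mail address, the Traefik `Host()` rules and Gitea's `ROOT_URL`. On a host whose FQDN is unset or not publicly resolvable it yields a short name or `localhost`, so the TLS challenge cannot succeed. Traefik would then presumably serve its default self-signed certificate while the script still reports success. Allow an override and reject values that are not a dotted name, e.g. `HOST_DOMAIN=${HOST_DOMAIN:-$(hostname -f)}` followed by `case "$HOST_DOMAIN" in *.*) ;; *) echo "HOST_DOMAIN must be a public FQDN" >&2; exit 1 ;; esac`.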
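Review bot: The `gitea-http` and `gitea-https` proxy devices added in the `@@ -61,7 +65,8 @@` hunk relay connections without passing on the client address. As far as I know, Incus proxy devices in their default (non-NAT) mode make every request appear to Traefik and Gitea as coming from a local address. That removes the real source IP from access logs and from any rate limiting or ban tooling behind the proxy. Consider adding `proxy_protocol=true` to both devices and configuring the matching Traefik entrypoints to accept PROXY-protocol headers only from the relay address, with a comment such as `# client IP is carried via PROXY protocol; Traefik must trust only the local relay`. `install_gitea` starts and ends outside this hunk.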
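Review bot: Mounting `/var/run/docker.sock` into the internet-facing Traefik container in the `@@ -81,6 +86,25 @@` hunk gives that container the full Docker API. The `:ro` flag only makes the socket file's mount read-only; requests sent through the socket are not restricted by it. A compromise of Traefik would therefore amount to root inside the Incus container, which the context lines of the previous hunk show running with `security.nesting=true`. Put a filtering socket proxy that permits only read-only container queries between Traefik and the daemon and point Traefik at it with `--providers.docker.endpoint=tcp://<socket-proxy-host>:2375` (placeholder host), or use a static file-provider route since there is a single backend. Separately, `traefik:v2.5` appears to be an old minor tag; pin a currently maintained release, ideally by digest.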
@@ -92,6 +116,7 @@ services: - DB_NAME=gitea - DB_USER=$DB_USER - DB_PASSWD=$DB_PASS + - ROOT_URL=https://$HOST_DOMAIN restart: always networks: - gitea @@ -99,11 +124,21 @@ services: - /var/lib/gitea:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - ports: - - '3000:3000' - - '22:22' + expose: + - '3000' + - '22' depends_on: - db + labels: + - traefik.enable=true + - traefik.http.routers.gitea.rule=Host(\`$HOST_DOMAIN\`) + - traefik.http.routers.gitea.entrypoints=websecure + - traefik.http.routers.gitea.tls.certresolver=myresolver + - traefik.http.services.gitea.loadbalancer.server.port=3000 + - traefik.http.routers.gitea-http.rule=Host(\`$HOST_DOMAIN\`) + - traefik.http.routers.gitea-http.entrypoints=web + - traefik.http.routers.gitea-http.middlewares=redirect-to-https + - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https db: image: postgres:latest @@ -118,14 +153,15 @@ services: - /var/lib/postgresql/data:/var/lib/postgresql/data EOL" - echo "Starting Gitea and PostgreSQL with Docker Compose..." + echo "Starting Gitea, PostgreSQL, and Traefik with Docker Compose..." incus exec $CONTAINER_NAME -- bash -c " cd /root + mkdir -p letsencrypt docker-compose up -d " echo "Gitea setup complete!" - echo "Access Gitea at http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT" + echo "Access Gitea at https://$HOST_DOMAIN" echo "SSH access available on port $SSH_PORT" }
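Review bot: `ROOT_URL=https://$HOST_DOMAIN` in the `@@ -92,6 +116,7 @@` hunk will, as far as I know, only take effect when the Gitea image generates `app.ini` on first start. Re-running the script against an existing `/var/lib/gitea` would then leave the old plain-HTTP root URL in place, and generated links, clone URLs and OAuth callback URLs would keep pointing at it. Add a comment above the line, e.g. `# applied only when app.ini is first generated; edit app.ini by hand on existing installs`, and consider a trailing slash to match the form Gitea documents for this setting.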
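Review bot: Replacing `ports:` with `expose:` in the `@@ -99,11 +124,21 @@` hunk also drops the `'22:22'` publication, but the `gitea-ssh` proxy device in the earlier hunk still connects to `tcp:127.0.0.1:22` inside the Incus container. Nothing from the Gitea service listens there any more, so Git over SSH on port 2222 either fails or, if the Incus container runs its own sshd, reaches that daemon instead of Gitea. The closing message still advertises SSH access. Keep the SSH publication and un-publish only the web port: `ports:` with `- '127.0.0.1:22:22'`, next to `expose:` with `- '3000'`.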
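Review bot: `mkdir -p letsencrypt` in the `@@ -118,14 +153,15 @@` hunk creates the directory that will hold `acme.json`, which stores the ACME account key and the certificate private keys, with default umask permissions. Create it owner-only instead with `install -d -m 700 letsencrypt`, which also corrects the mode if the directory already exists. The keys then stay protected even if `/root` is later made traversable or the directory is copied elsewhere. `install_gitea` begins outside this hunk.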