diff --git a/conf.d/config.yaml b/conf.d/config.yaml index fbf3805..e3b2cb1 100644 --- a/conf.d/config.yaml +++ b/conf.d/config.yaml @@ -4,12 +4,10 @@ http: rule: "Host(`hemlabb.uk`)" entrypoints: - websecure - service: "uptime-kuma@docker" + service: "kuma@docker" tls: certresolver: cloudflare domains: - main: "hemlabb.uk" sans: - "*.hemlabb.uk" - - diff --git a/conf.d/gitea.yaml b/conf.d/gitea.yaml index 905e8b4..97c60aa 100644 --- a/conf.d/gitea.yaml +++ b/conf.d/gitea.yaml @@ -1,12 +1,35 @@ +tcp: + routers: + gitea-ssh: + entryPoints: + - ssh + rule: "HostSNI(`*`)" + service: gitea-ssh + + services: + gitea-ssh: + loadBalancer: + servers: + - address: "gitea.lab:22" + http: routers: gitea: rule: "Host(`gitea.hemlabb.uk`)" - service: gitea entryPoints: - websecure + service: gitea + tls: + certResolver: cloudflare + services: gitea: loadBalancer: servers: - - url: "https://gitea.lab:3000" # Replace with your service's address \ No newline at end of file + - url: "http://gitea.lab:3000" + + middlewares: + redirect-to-https: + redirectScheme: + scheme: https + permanent: true \ No newline at end of file diff --git a/traefik.yaml b/traefik.yaml index 86afe10..7356a73 100644 --- a/traefik.yaml +++ b/traefik.yaml @@ -17,7 +17,9 @@ entryPoints: address: ':443' http: tls: - certResolver: letsencrypt + certResolver: cloudflare + ssh: + address: ':2222' traefik: address: ':8080' 
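Review bot: The `redirect-to-https` middleware added at the end of conf.d/gitea.yaml is not referenced by any router in this hunk, and the only HTTP router, `gitea`, listens on `websecure` alone, so as written the redirect never runs. Either attach it to a router on the plain-HTTP entrypoint (not visible in this diff) or drop it; if the redirect is already done at the entrypoint level elsewhere, a comment saying so would explain the otherwise dead definition. Separately, the backend URL moves from `https://gitea.lab:3000` to `http://gitea.lab:3000`, so logins, session cookies and access tokens cross the hop between Traefik and Gitea in cleartext. If that is intended for the lab network, record it next to the line, e.g. `# plaintext hop: gitea.lab:3000 must only be reachable from the Traefik host`.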
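Review bot: Nothing limits who can reach the new `ssh` entrypoint: it binds `':2222'` on every interface, and the `gitea-ssh` router in conf.d/gitea.yaml uses the catch-all `HostSNI` rule, so every TCP connection arriving on port 2222 is relayed to `gitea.lab:22`. The backend then sees Traefik's address as the peer, so per-source throttling, ban logic and SSH auth logs on gitea.lab probably stop distinguishing clients (inferred; it depends on what listens on port 22 there). Consider restricting the entrypoint with a firewall rule or a TCP IP allow-list middleware on the router, and add a comment such as `# git-over-SSH only; forwarded to gitea.lab:22 by conf.d/gitea.yaml`. The `entryPoints` mapping starts above this hunk.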
@@ -26,8 +28,8 @@ certificatesResolvers: acme: email: s.nilsson@me.com storage: /etc/traefik/ssl/acme.json - # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default) - caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging + #caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default) + #caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging dnsChallenge: provider: cloudflare #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers. @@ -35,11 +37,6 @@ certificatesResolvers: resolvers: - "1.1.1.1:53" - "1.0.0.1:53" - # letsencrypt: - # acme: - # email: "foo@bar.com" - # storage: /etc/traefik/ssl/acme.json - # tlsChallenge: {} api: dashboard: true
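Review bot: With both `caServer` lines commented out, the resolver silently falls back to Traefik's default, the Let's Encrypt production directory, and nothing in the file says this is the intended state. Keep one explanatory line, for example `# caServer unset: production Let's Encrypt directory is used (default)`, and leave the staging URL as a clearly labelled toggle. If `/etc/traefik/ssl/acme.json` still holds certificates issued by the staging CA, Traefik will likely keep serving them until those entries are removed, so the switch should be paired with clearing that file; this is inferred, since the storage contents are not part of the diff. The resolver's name line sits above the hunk.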