diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml
index cfa0e2c..ce2e1d5 100644
--- a/helm/templates/ingress.yaml
+++ b/helm/templates/ingress.yaml
@@ -1,83 +1,65 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  name: {{ .Release.Name }}-internal-tls
+  name: {{ .Release.Name }}-tls
   annotations:
-    kubernetes.io/ingress.class: traefik-internal
+    kubernetes.io/ingress.class: traefik
 spec:
   entryPoints:
     - websecure
   tls:
-    certResolver: myresolver
-    domains:
-    - main: "*.ducoterra.net"
+    certResolver: duconet
   routes:
-  - match: Host(`jellyfin.ducoterra.net`)
+  - match: Host(`{{ .Release.Name }}.ducoterra.net`)
     kind: Rule
     services:
     - name: {{ .Release.Name }}
       port: 8096
     middlewares:
-      - name: {{ .Release.Name }}
-
+      - name: headers-{{ .Release.Name }}
 ---
-
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  name: {{ .Release.Name }}-internal-web
+  name: {{ .Release.Name }}
   annotations:
-    kubernetes.io/ingress.class: traefik-internal
+    kubernetes.io/ingress.class: traefik
 spec:
   entryPoints:
     - web
   routes:
-  - match: Host(`jellyfin.ducoterra.net`)
+  - match: Host(`{{ .Release.Name }}.ducoterra.net`)
     kind: Rule
     services:
     - name: {{ .Release.Name }}
       port: 8096
     middlewares:
-      - name: httpsredirect
-
+      - name: httpsredirect-{{ .Release.Name }}
 ---
-
 apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
+kind: Middleware
 metadata:
-  name: {{ .Release.Name }}-external-tls
-  annotations:
-    kubernetes.io/ingress.class: traefik-external
+  name: httpsredirect-{{ .Release.Name }}
 spec:
-  entryPoints:
-    - websecure
-  tls:
-    certResolver: myresolver
-  routes:
-  - match: Host(`jellyfin.ducoterra.net`)
-    kind: Rule
-    services:
-    - name: {{ .Release.Name }}
-      port: 8096
-    middlewares:
-      - name: {{ .Release.Name }}
-
+  redirectScheme:
+    scheme: https
+    permanent: true
 ---
-
 apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
+kind: Middleware
 metadata:
-  name: {{ .Release.Name }}-external-web
-  annotations:
-    kubernetes.io/ingress.class: traefik-external
+  name: headers-{{ .Release.Name }}
 spec:
-  entryPoints:
-    - web
-  routes:
-  - match: Host(`jellyfin.ducoterra.net`)
-    kind: Rule
-    services:
-    - name: {{ .Release.Name }}
-      port: 8096
-    middlewares:
-      - name: httpsredirect
\ No newline at end of file
+  headers:
+    customResponseHeaders:
+      X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
+    SSLHost: "jellyfin.ducoterra.net"
+    SSLForceHost: true
+    STSSeconds: "315360000"
+    STSIncludeSubdomains: true
+    STSPreload: true
+    forceSTSHeader: true
+    frameDeny: true
+    contentTypeNosniff: true
+    browserXSSFilter: true
+    customFrameOptionsValue: "https://jellyfin.ducoterra.net"
\ No newline at end of file