diff --git a/deploy/quadlet/kubeviz-traefik.container b/deploy/quadlet/kubeviz-traefik.container
index 4517730..d98caa5 100644
--- a/deploy/quadlet/kubeviz-traefik.container
+++ b/deploy/quadlet/kubeviz-traefik.container
@@ -9,7 +9,7 @@ Image=localhost/kubeviz:prod
 Pull=never
 
 # Attach to the same user-defined network as Traefik.
-Network=traefik
+Network=edge
 
 Environment=TZ=Europe/Berlin
 Environment=ADDR=:8080
@@ -27,15 +27,22 @@ Group=65532
 
 # Traefik labels (Podman provider)
 Label=traefik.enable=true
-Label=traefik.http.routers.kubeviz.rule=Host(`kubeviz.valtrix.systems`)
-Label=traefik.http.routers.kubeviz.entrypoints=websecure
-Label=traefik.http.routers.kubeviz.tls=true
-Label=traefik.http.routers.kubeviz.tls.certresolver=letsencrypt
-Label=traefik.http.routers.kubeviz.middlewares=kubeviz-sec-headers,kubeviz-auth
+Label=traefik.docker.network=edge
+Label=traefik.http.routers.kubeviz-web.rule=Host(`kubeviz.valtrix.systems`)
+Label=traefik.http.routers.kubeviz-web.entrypoints=web
+Label=traefik.http.routers.kubeviz-web.middlewares=kubeviz-redirect-https
+Label=traefik.http.middlewares.kubeviz-redirect-https.redirectscheme.scheme=https
+Label=traefik.http.middlewares.kubeviz-redirect-https.redirectscheme.permanent=true
+Label=traefik.http.routers.kubeviz-websecure.rule=Host(`kubeviz.valtrix.systems`)
+Label=traefik.http.routers.kubeviz-websecure.entrypoints=websecure
+Label=traefik.http.routers.kubeviz-websecure.tls=true
+Label=traefik.http.routers.kubeviz-websecure.tls.certresolver=le
+Label=traefik.http.routers.kubeviz-websecure.middlewares=kubeviz-sec-headers,kubeviz-auth
+Label=traefik.http.routers.kubeviz-websecure.service=kubeviz
 Label=traefik.http.services.kubeviz.loadbalancer.server.port=8080
-Label=traefik.docker.network=traefik
 Label=traefik.http.middlewares.kubeviz-sec-headers.headers.customResponseHeaders.Content-Security-Policy=default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self'; script-src-elem 'self' 'unsafe-inline'; connect-src 'self' wss: https:; font-src 'self' data:; worker-src 'self' blob:;
 Label="traefik.http.middlewares.kubeviz-auth.basicauth.users=smb:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
+
 [Service]
 Restart=always
 RestartSec=3