diff --git a/ansible/roles/traefik/docker-stack.yml.j2 b/ansible/roles/traefik/docker-stack.yml.j2
index 6eb0989..3b4d319 100644
--- a/ansible/roles/traefik/docker-stack.yml.j2
+++ b/ansible/roles/traefik/docker-stack.yml.j2
@@ -17,15 +17,19 @@ services:
     ports:
       - 443:443
       - 80:80
-      - 8080:8080
+      - 444:444
     deploy:
       placement:
         constraints: [node.labels.traefik == true]
       labels:
         - traefik.enable=true
-        - traefik.http.routers.dashboard.rule=Host(`maestro.dmz`)
+        - traefik.http.routers.dashboard.entrypoints=localsecure
+        - traefik.http.routers.dashboard.rule=Host(`traefik.pim.kunis.nl`)
         - traefik.http.routers.dashboard.service=api@internal
         - traefik.http.services.dummy-svc.loadbalancer.server.port=8080
+        - traefik.http.routers.dashboard.tls=true
+        - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
+        - traefik.docker.network=traefik
 
         - traefik.http.routers.esrom.entrypoints=websecure
         - traefik.http.routers.esrom.service=esrom@file
@@ -62,6 +66,8 @@ services:
 
       - --entrypoints.websecure.address=:443
 
+      - --entrypoints.localsecure.address=:444
+
       - --certificatesresolvers.letsencrypt.acme=true
       - --certificatesresolvers.letsencrypt.acme.email=pim@kunis.nl
       - --certificatesresolvers.letsencrypt.acme.httpchallenge=true