diff --git a/docker-stack.yml.template b/docker-stack.yml.template
new file mode 100644
index 0000000..114ea3d
--- /dev/null
+++ b/docker-stack.yml.template
@@ -0,0 +1,23 @@
+# vi: ft=yaml
+version: '3'
+
+networks:
+  traefik:
+    external: true
+
+services:
+  static:
+    image: git.pim.kunis.nl/pim/concourse-test:TAG
+    networks:
+      - traefik
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.public == true"
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.static.entrypoints=websecure
+        - traefik.http.services.static.loadbalancer.server.port=80
+        - traefik.http.routers.static.rule=Host(`pim.kunis.nl`)
+        - traefik.http.routers.static.tls=true
+        - traefik.http.routers.static.tls.certresolver=letsencrypt
diff --git a/pipeline.yml b/pipeline.yml
index 630300f..c2ac06c 100644
--- a/pipeline.yml
+++ b/pipeline.yml
@@ -60,7 +60,7 @@ jobs:
           - |
             build
             ls image
-            cat image/digest | cut -d ":" -f 2- > image/tags
+            cat image/digest | cut -d ":" -f 2- > image/tag
   - task: get-site-packages
     config:
       platform: linux
@@ -97,7 +97,9 @@ jobs:
   - put: site-registry-image
     params:
       image: image/image.tar
-      additional_tags: image/tags
+      additional_tags: image/tag
+  - load_var: tag
+    file: image/tag
   - task: deploy-site
     config:
       platform: linux
@@ -107,6 +109,8 @@ jobs:
           repository: raesene/alpine-containertools
       params:
         DOCKER_HOST: ssh://root@maestro.dmz
+      inputs:
+      - name: site-repo
       run:
         path: sh
         args:
@@ -114,7 +118,8 @@ jobs:
         - |
           ls -lash
           mkdir $HOME/.ssh
-          echo -e "Host maestro.dmz\n\tStrictHostKeyChecking no" > $HOME/.ssh/config
+          cp site-repo/ssh_config $HOME/.ssh/config
           echo "((private_key))" > $HOME/.ssh/id_ed25519
           chmod 600 $HOME/.ssh/id_ed25519
-          docker service update --force --image git.pim.kunis.nl/pim/static:latest static_static
+          sed "s/TAG/((.:tag))/g" "site-repodocker-stack.yml.template" > docker-stack.yml
+          docker stack deploy --compose-file docker-stack.yml static
diff --git a/ssh_config b/ssh_config
new file mode 100644
index 0000000..725bda8
--- /dev/null
+++ b/ssh_config
@@ -0,0 +1,2 @@
+Host maestro.dmz
+	StrictHostKeyChecking no