diff --git a/README.md b/README.md
index 8e0a7f8..f6f2a65 100644
--- a/README.md
+++ b/README.md
@@ -4,12 +4,17 @@ Welcome to public repository of my [Git Server](https://git.limbosolutions.com)
 
 Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
 
+- [SSO](#sso)
 - [Deploy](#deploy)
   - [Continuous Deploy](#continuous-deploy)
   - [App](#app)
   - [Infra](#infra)
 - [Backups](#backups)
 
+## SSO
+
+<https://integrations.goauthentik.io/development/gitea/>
+
 ## Deploy
 
 References:
diff --git a/deploy/infra/certificate.yaml b/deploy/infra/certificate.yaml
new file mode 100644
index 0000000..c58b39b
--- /dev/null
+++ b/deploy/infra/certificate.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: limbosolutions-com-tls
+spec:
+  secretName: limbosolutions-com-tls
+  issuerRef:
+    name: leftencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+    - git.limbosolutions.com
\ No newline at end of file
diff --git a/deploy/infra/kustomization.yaml b/deploy/infra/kustomization.yaml
index a82b620..3506e35 100644
--- a/deploy/infra/kustomization.yaml
+++ b/deploy/infra/kustomization.yaml
@@ -3,8 +3,10 @@ kind: Kustomization
 resources:
   - namespace.yaml
   - cd-serviceaccount.yaml
-  - ingress.yaml
   - network-policies.yaml
+  - certificate.yaml
+  - websecure-ingress-route.yaml
+  - public-https-ingress-route.yaml
 generatorOptions:
   disableNameSuffixHash: true
 
diff --git a/deploy/infra/public-https-ingress-route.yaml b/deploy/infra/public-https-ingress-route.yaml
new file mode 100644
index 0000000..d587f6a
--- /dev/null
+++ b/deploy/infra/public-https-ingress-route.yaml
@@ -0,0 +1,15 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: public-https
+spec:
+  entryPoints:
+    - public-https
+  routes:
+    - match: Host(`git.limbosolutions.com`) && !PathPrefix(`-/admin`)
+      kind: Rule
+      services:
+        - name: gitea-http
+          port: 3000
+  tls:
+      secretName: limbosolutions-com-tls
\ No newline at end of file
diff --git a/deploy/infra/websecure-ingress-route.yaml b/deploy/infra/websecure-ingress-route.yaml
new file mode 100644
index 0000000..0e485b6
--- /dev/null
+++ b/deploy/infra/websecure-ingress-route.yaml
@@ -0,0 +1,15 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: websecure
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`git.limbosolutions.com`)
+      kind: Rule
+      services:
+        - name: gitea-http
+          port: 3000
+  tls:
+      secretName: limbosolutions-com-tls
\ No newline at end of file