diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 4f97449..ecca690 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -112,6 +112,7 @@ jobs:
                 --dry-run=client -o yaml | kubectl apply -f -
 
               kubectl apply -f k8s/cert-manager-issuer.yaml
+              kubectl apply -f k8s/redirect-https-middleware.yaml
               kubectl apply -f k8s/backend-deployment.yaml
               kubectl apply -f k8s/backend-ingress.yaml
               kubectl apply -f k8s/web-deployment.yaml
diff --git a/k8s/backend-ingress.yaml b/k8s/backend-ingress.yaml
index f252591..b14d8a9 100644
--- a/k8s/backend-ingress.yaml
+++ b/k8s/backend-ingress.yaml
@@ -5,6 +5,7 @@ metadata:
   annotations:
     kubernetes.io/ingress.class: "traefik"
     cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    traefik.ingress.kubernetes.io/router.middlewares: "default-redirect-https@kubernetescrd"
 spec:
   tls:
   - hosts:
diff --git a/k8s/redirect-https-middleware.yaml b/k8s/redirect-https-middleware.yaml
new file mode 100644
index 0000000..e5eedb9
--- /dev/null
+++ b/k8s/redirect-https-middleware.yaml
@@ -0,0 +1,8 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-https
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
diff --git a/k8s/web-ingress.yaml b/k8s/web-ingress.yaml
index 0b7436b..b91fa67 100644
--- a/k8s/web-ingress.yaml
+++ b/k8s/web-ingress.yaml
@@ -5,6 +5,7 @@ metadata:
   annotations:
     kubernetes.io/ingress.class: "traefik"
     cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    traefik.ingress.kubernetes.io/router.middlewares: "default-redirect-https@kubernetescrd"
 spec:
   tls:
   - hosts: