diff --git a/stack.production.yml b/stack.production.yml
index d3de993..044be72 100644
--- a/stack.production.yml
+++ b/stack.production.yml
@@ -8,7 +8,7 @@ services:
       - /mnt/tank/persist/nixc.us/headscale/production/data:/var/lib/headscale/:rw
     command: ["headscale", "serve"]
     networks:
-      - traefik
+      - default
     environment:
       SERVER_URL: "https://headscale.nixc.us"
       LISTEN_ADDR: "0.0.0.0:8080"
@@ -20,20 +20,44 @@ services:
       placement:
         constraints:
           - node.hostname == macmini3
-      labels:
-        us.nixc.autodeploy: "true"
-        traefik.enable: "true"
-        traefik.http.routers.production-headscale_headscale.rule: "Host(`headscale.nixc.us`)"
-        traefik.http.routers.production-headscale_headscale.entrypoints: "websecure"
-        traefik.http.routers.production-headscale_headscale.tls: "true"
-        traefik.http.routers.production-headscale_headscale.tls.certresolver: "letsencryptresolver"
-        traefik.http.routers.production-headscale_headscale.service: "production-headscale_headscale"
-        traefik.http.services.production-headscale_headscale.loadbalancer.server.port: "8080"
-        traefik.docker.network: "traefik"
-
+      # labels:
+      #   us.nixc.autodeploy: "true"
+      #   traefik.enable: "true"
+      #   traefik.http.routers.production-headscale_headscale.rule: "Host(`headscale.nixc.us`)"
+      #   traefik.http.routers.production-headscale_headscale.entrypoints: "websecure"
+      #   traefik.http.routers.production-headscale_headscale.tls: "true"
+      #   traefik.http.routers.production-headscale_headscale.tls.certresolver: "letsencryptresolver"
+      #   traefik.http.routers.production-headscale_headscale.service: "production-headscale_headscale"
+      #   traefik.http.services.production-headscale_headscale.loadbalancer.server.port: "8080"
+      #   traefik.docker.network: "traefik"
       replicas: 1
       restart_policy:
         condition: on-failure
+  nginx:
+    image: git.nixc.us/colin/reverse:production
+    environment:
+      - BACKEND_ADDRESS=192.168.8.1
+      - BACKEND_PORT=8080
+      - PROTOCOL=http
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          - node.hostname == macmini14
+      labels:
+        us.nixc.autodeploy: "true"
+        traefik.enable: "true"
+        traefik.http.routers.production-headscale_nginx.tls: "true"
+        traefik.http.services.production-headscale_nginx.loadbalancer.server.port: "80"
+        traefik.http.routers.production-headscale_nginx.rule: "Host(`headscale.nixc.us`)"
+        traefik.http.routers.production-headscale_nginx.entrypoints: "websecure"
+        traefik.http.routers.production-headscale_nginx.tls.certresolver: "letsencryptresolver"
+        traefik.http.routers.production-headscale_nginx.service: "production-headscale_nginx"
+        traefik.http.routers.production-headscale_nginx.middlewares: "authelia_authelia@docker"
+        traefik.docker.network: "traefik"
+    networks:
+      - traefik
+      - default
 # volumes:
 #   headscale:
 networks: