diff --git a/.github/workflows/deploy-kubernetes.yml b/.github/workflows/deploy-kubernetes.yml index 1154ea69..81ded841 100644 --- a/.github/workflows/deploy-kubernetes.yml +++ b/.github/workflows/deploy-kubernetes.yml @@ -50,8 +50,7 @@ jobs: echo "waiting 2 minutes for the A record to be updated" sleep 1200 - kubectl apply -f ./api-server-ingress.yaml - kubectl apply -f ./landing-page-ingress.yaml + kubectl apply -f ./ingress/. helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ diff --git a/k8s/ingress/api-server-ingress-http.yaml b/k8s/ingress/api-server-ingress-http.yaml new file mode 100644 index 00000000..a09ac790 --- /dev/null +++ b/k8s/ingress/api-server-ingress-http.yaml @@ -0,0 +1,17 @@ +# k8s/api-ingressroute.yaml +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: exosphere-api-server-http +spec: + entryPoints: + - web + routes: + - match: Host(`api.exosphere.host`) + kind: Rule + services: + - name: exosphere-api-server + namespace: default + port: 80 + tls: + certResolver: letsencrypt \ No newline at end of file diff --git a/k8s/api-server-ingress.yaml b/k8s/ingress/api-server-ingress.yaml similarity index 100% rename from k8s/api-server-ingress.yaml rename to k8s/ingress/api-server-ingress.yaml diff --git a/k8s/ingress/http-to-https-redirect-middleware.yaml b/k8s/ingress/http-to-https-redirect-middleware.yaml new file mode 100644 index 00000000..67ef8af7 --- /dev/null +++ b/k8s/ingress/http-to-https-redirect-middleware.yaml @@ -0,0 +1,9 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: http-to-https-redirect +spec: + redirectScheme: + scheme: https + port: "443" + permanent: true \ No newline at end of file diff --git a/k8s/ingress/landing-page-ingress-http.yaml b/k8s/ingress/landing-page-ingress-http.yaml new file mode 100644 index 00000000..fd1aab43 --- /dev/null +++ b/k8s/ingress/landing-page-ingress-http.yaml 
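Review bot: The `tls:` / `certResolver: letsencrypt` block on this `web`-entrypoint IngressRoute (and on the identical `exosphere-landing-page-http` route in k8s/ingress/landing-page-ingress-http.yaml) dedicates the router to HTTPS requests, so by Traefik's documented router TLS semantics it should never match a plain-HTTP request, and neither route references the new `http-to-https-redirect` Middleware. If these routes are meant to perform the redirect, drop the `tls` block and attach the middleware under the route with `middlewares:` / `- name: http-to-https-redirect`; a `web` route with neither would forward port-80 traffic to the service in cleartext. Since k8s/traefik-values.yaml in the same commit enables entrypoint-level redirection on `web`, the two HTTP routes and the Middleware look redundant and could be removed instead. The Middleware also sets no `metadata.namespace` while the routes name `namespace: default` for their services, so pinning it would make it clear where a reference to it resolves. The header comment `# k8s/api-ingressroute.yaml` in both new route files does not match their paths.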
@@ -0,0 +1,17 @@ +# k8s/api-ingressroute.yaml +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: exosphere-landing-page-http +spec: + entryPoints: + - web + routes: + - match: Host(`exosphere.host`) + kind: Rule + services: + - name: exosphere-landing-page + namespace: default + port: 80 + tls: + certResolver: letsencrypt \ No newline at end of file diff --git a/k8s/landing-page-ingress.yaml b/k8s/ingress/landing-page-ingress.yaml similarity index 100% rename from k8s/landing-page-ingress.yaml rename to k8s/ingress/landing-page-ingress.yaml diff --git a/k8s/traefik-values.yaml b/k8s/traefik-values.yaml index af1b8091..6aa7e8a6 100644 --- a/k8s/traefik-values.yaml +++ b/k8s/traefik-values.yaml @@ -5,6 +5,9 @@ deployment: additionalArguments: - "--entrypoints.web.address=:8081" + - "--entrypoints.web.http.redirections.entrypoint.to=:443" + - "--entrypoints.web.http.redirections.entrypoint.scheme=https" + - "--entrypoints.web.http.redirections.entrypoint.permanent=true" - "--entrypoints.websecure.address=:8443" ports: @@ -19,7 +22,7 @@ ports: ingressRoute: dashboard: - enabled: false # turn on later if you want the UI + enabled: false certificatesResolvers: letsencrypt: @@ -27,4 +30,4 @@ certificatesResolvers: email: "nivedit@exosphere.host" storage: /data/acme.json httpChallenge: - entryPoint: web # solve the challenge on :80 + entryPoint: web
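Review bot: The new `--entrypoints.web.http.redirections.entrypoint.to=:443` argument targets a literal port while `websecure` listens on `:8443`, and nothing on the line says why; a comment such as `# redirect to the externally published port, not the :8443 container port` would keep a later edit from changing it to the wrong value (presumably 443 is what the `ports:` section publishes, which is outside this hunk). The last hunk of this file also deletes `# solve the challenge on :80`, the only hint that the ACME HTTP-01 challenge depends on the same `web` entrypoint that now redirects everything, so a one-line comment is worth keeping there. A redirect still lets the first request travel in cleartext, so if the `websecure` routes (unchanged in this commit) do not already send a Strict-Transport-Security header, that is the follow-up to consider, particularly for `api.exosphere.host` clients that may send credentials.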