diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 33e62b9..ba9135c 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -28,5 +28,5 @@ jobs:
 push: true
 tags: git.stuve.uni-ulm.de/stuve-it/stuve-it-backend:latest
- #- name: Trigger webhook
- # run: curl -X POST ${{ secrets.WEBHOOK_URL }}
+ - name: Trigger webhook
+ run: curl -X POST ${{ secrets.WEBHOOK_URL }}
diff --git a/docker-compose.yml b/docker-compose.yml
index 8927012..dbddfbe 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,14 +1,12 @@
 services:
 pocketbase:
- image: gitlab.uni-ulm.de:5050/stuve-it/it-tools/backend
+ image: git.stuve.uni-ulm.de/stuve-it/stuve-it-backend:latest
 #command:
 # - "--debug"
 container_name: stuve_it_backend
 restart: unless-stopped
 volumes:
 - pb_data:/pb_data
- ports:
- - 8090:8090
 healthcheck:
 test: wget --no-verbose --tries=1 --spider http://localhost:8090/api/health || exit 1
 interval: 5s
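Review bot: The re-enabled `run:` line expands `${{ secrets.WEBHOOK_URL }}` straight into the shell script and calls curl without `--fail`, so a URL containing `&` or `?` is parsed by the shell and a 4xx/5xx answer from the webhook still leaves the deploy job green. Pass the secret through the step environment instead: add `env:` with `WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}` and change the command to `run: curl --fail --silent --show-error -X POST "$WEBHOOK_URL"`. The step list this entry belongs to starts above the hunk.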
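Review bot: The new `image:` line follows the mutable `:latest` tag, which is also the only tag visible in the workflow's `tags:` line in this commit, so the host runs whatever was pushed last and there is neither a record of which build is deployed nor a fixed reference to roll back to. Consider having the workflow also push an immutable tag (for example the commit SHA) and referencing it here, or pinning by digest: `image: git.stuve.uni-ulm.de/stuve-it/stuve-it-backend@sha256:<DIGEST>`. The `healthcheck:` block continues past the end of the hunk.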
@@ -19,15 +17,37 @@ services:
 LDAP_URL: "ldap://dc.stuve.uni-ulm.de"
 LDAP_BIND_DN: "cn=ldapsync,ou=systemaccounts,ou=user,dc=stuve,dc=uni-ulm,dc=de"
- LDAP_BIND_PASSWORD: "************"
+ LDAP_BIND_PASSWORD: "***************"
 LDAP_BASE_DN: "ou=useraccounts,ou=user,dc=stuve,dc=uni-ulm,dc=de"
 LDAP_USER_FILTER: "(|(objectCategory=person)(objectClass=user))"
+ LDAP_ADMIN_GROUP_DN: "cn=ref-computer,ou=groups,ou=user,dc=stuve,dc=uni-ulm,dc=de"
+ LDAP_GROUP_FILTER: "(objectClass=group)"
 LDAP_GROUP_BASE_DN: "ou=groups,ou=user,dc=stuve,dc=uni-ulm,dc=de"
 LDAP_SYNC_SCHEDULE: "*/1 * * * *"
+ networks:
+ - traefik-network
+ labels:
+ # enable traefik for this container
+ - "traefik.enable=true"
+
+ # https entrypoint
+ - "traefik.http.routers.it-tools_https.rule=Host(`it.stuve.uni-ulm.de`) && (PathPrefix(`/_/`) || PathPrefix(`/api/`))"
+ - "traefik.http.routers.it-tools_https.entrypoints=websecure"
+ - "traefik.http.routers.it-tools_https.tls=true"
+ - "traefik.http.routers.it-tools_https.tls.certResolver=http_resolver"
+
+ # the internal port of the container
+ - "traefik.http.services.it-tools.loadbalancer.server.port=8090"
+
 volumes:
- pb_data:
\ No newline at end of file
+ pb_data:
+
+networks:
+ traefik-network:
+ name: traefik-network
+ external: true
\ No newline at end of file
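Review bot: The new router rule publishes the `/_/` prefix (PocketBase's admin dashboard, as far as the service name suggests) on the `websecure` entrypoint with no middleware attached, so the admin login is reachable by anyone who can reach `it.stuve.uni-ulm.de`. Consider giving `/_/` its own router and restricting it, e.g. `traefik.http.routers.it-tools_admin.middlewares=it-tools-admin-allow` together with `traefik.http.middlewares.it-tools-admin-allow.ipallowlist.sourcerange=<ADMIN_CIDR>` (`ipwhitelist` on Traefik v2). Separately, the hunk rewrites `LDAP_BIND_PASSWORD` as a literal in a tracked file (shown masked here); it is safer as `LDAP_BIND_PASSWORD: "${LDAP_BIND_PASSWORD:?missing}"` fed from an untracked env file, and a value that was ever committed should be rotated. The unchanged `LDAP_URL` still uses `ldap://`, so unless the backend negotiates StartTLS that bind password and the newly synced group data cross the network in clear text. The `environment:` key these entries sit under lies above the hunk.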