diff --git a/roles/authentik_docker/templates/authentik-server-docker.service.j2 b/roles/authentik_docker/templates/authentik-server-docker.service.j2
index bae135d..c087b68 100644
--- a/roles/authentik_docker/templates/authentik-server-docker.service.j2
+++ b/roles/authentik_docker/templates/authentik-server-docker.service.j2
@@ -8,10 +8,14 @@ ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }}
 ExecStartPre=-/usr/bin/docker pull ghcr.io/goauthentik/server:{{ version.authentik }}
 ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \
           --network authentik_net --publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443 \
-          --label "traefik.enable=true" --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`)" \
+          --label "traefik.enable=true" --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`,`auth.unhb.de`,`a.unhb.de`)" \
+          --lable "traefik.http.routers.authentik.middlewares=authentik_redirect" \
           --label "traefik.http.routers.authentik.entrypoints=websecure" \
           --label "traefik.http.routers.authentik.tls.certresolver=letsencrypt" \
           --label "traefik.http.services.authentik.loadbalancer.server.port=9000" \
+          --label "traefik.http.middlewares.authentik_redirect.redirectregex.permanent=true" \
+          --label "traefik.http.middlewares.authentik_redirect.redirectregex.regex=^https?://(auth|a)\\.unhb\\.de/(.*)" \
+          --label "traefik.http.middlewares.authentik_redirect.redirectregex.replacement=https://auth.un-hack-bar.de/$${2}" \
           --env-file {{ docker_volumes_dir }}/authentik/authentik.env \
           -v {{ docker_volumes_dir }}/authentik/media:/media \
           -v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \