diff --git a/compose.yml b/compose.yml
index ceb1026..3c56d15 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,30 +1,8 @@
 ---
 version: '3.8'
+
 services:
-
-  mariadb:
-    image: mysql:5.7
-    environment:
-      - MYSQL_DATABASE=kimai
-      - MYSQL_USER=kimai
-      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
-      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
-    volumes:
-      - mariadb:/var/lib/mysql
-    networks:
-      - internal
-    command: --default-storage-engine innodb
-    secrets:
-      - db_password
-      - db_root_password
-    #healthcheck:
-    #  test: mysqladmin -pchangemeplease ping -h localhost
-    #  interval: 20s
-    #  start_period: 10s
-    #  timeout: 10s
-    #  retries: 3
-
-  kimai:
+  app:
     image: kimai/kimai2:apache-debian-1.8-prod
     environment:
       - APP_ENV=prod
@@ -33,7 +11,7 @@ services:
       - ADMINMAIL=admin@kimai.local
       - ADMINPASS_FILE=/run/secrets/admin_password
       - DATABASE_TYPE=mysql
-      - DATABASE_HOST=mariadb
+      - DATABASE_HOST=db
       - DATABASE_NAME=kimai
       - DATABASE_USER=kimai
       - DATABASE_PASSWORD_FILE=/run/secrets/db_password
@@ -50,17 +28,8 @@ services:
     secrets:
       - db_password
       - admin_password
-    deploy:
-      restart_policy:
-        condition: on-failure
-      labels:
-        - "traefik.enable=true"
-        - "traefik.docker.network=proxy"
-        - "traefik.http.routers.${STACK_NAME}.tls=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8001"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+    depends_on:
+      - db
     #entrypoint: ['tail', '-f', '/dev/null']
     entrypoint: /docker-entrypoint.sh
     #healthcheck:
@@ -69,13 +38,41 @@ services:
     #  start_period: 10s
     #  timeout: 10s
     #  retries: 3
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8001"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
 
-  #postfix:
-  #  image: catatnight/postfix:latest
-  #  environment:
-  #    maildomain: kimai.local
-  #    smtp_user: kimai:kimai
-  #  restart: unless-stopped
+  db:
+    image: mysql:5.7
+    environment:
+      - MYSQL_DATABASE=kimai
+      - MYSQL_USER=kimai
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+    volumes:
+      - mariadb:/var/lib/mysql
+    networks:
+      - internal
+    secrets:
+      - db_password
+      - db_root_password
+    command: --default-storage-engine innodb
+    #healthcheck:
+    #  test: mysqladmin -pchangemeplease ping -h localhost
+    #  interval: 20s
+    #  start_period: 10s
+    #  timeout: 10s
+    #  retries: 3
 
 volumes:
     kimai_var: