diff --git a/.envrc.sample b/.envrc.sample
index 07ee67c..f3d6895 100644
--- a/.envrc.sample
+++ b/.envrc.sample
@@ -1,6 +1,9 @@
 export SERVICE=rocketchat
-export DOMAIN=rocketchat.example.com
 export STACK_NAME=rocketchat
+
+export DOMAIN=rocketchat.example.com
+## Domain aliases
+#export EXTRA_DOMAINS=', `www.wordpress.example.com`'
 export LETS_ENCRYPT_ENV=production
 
 # https://docs.rocket.chat/guides/administrator-guides/settings-via-env-vars
diff --git a/compose.oauth.yml b/compose.oauth.yml
index b120fb5..adf93fe 100644
--- a/compose.oauth.yml
+++ b/compose.oauth.yml
@@ -2,7 +2,7 @@
 version: '3.8'
 
 services:
-  rocketchat:
+  app:
     secrets:
       - oauth_key
     environment:
diff --git a/compose.yml b/compose.yml
index 7473753..bd42090 100644
--- a/compose.yml
+++ b/compose.yml
@@ -4,14 +4,8 @@ version: '3.8'
 services:
   app:
     image: rocketchat/rocket.chat:latest
-    command: >
-      bash -c
-        "for i in `seq 1 30`; do
-          node main.js &&
-          s=$$? && break || s=$$?;
-          echo \"Tried $$i times. Waiting 5 secs...\";
-          sleep 5;
-        done; (exit $$s)"
+    depends_on:
+      - db
     volumes:
       - "rocketchat_uploads:/app/uploads"
     secrets:
@@ -30,12 +24,18 @@ services:
       - source: entrypoint_conf
         target: /docker-entrypoint.sh
         mode: 0555
-    entrypoint: /docker-entrypoint.sh
     networks:
       - internal
       - proxy
-    depends_on:
-      - db
+    entrypoint: /docker-entrypoint.sh
+    command: >
+      bash -c
+        "for i in `seq 1 30`; do
+          node main.js &&
+          s=$$? && break || s=$$?;
+          echo \"Tried $$i times. Waiting 5 secs...\";
+          sleep 5;
+        done; (exit $$s)"
     healthcheck:
       test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
       interval: 30s
@@ -49,11 +49,13 @@ services:
       labels:
         - "traefik.enable=true"
         - "traefik.docker.network=proxy"
-        - "traefik.http.routers.${STACK_NAME}.tls=true"
         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
 
   db:
     image: mongo:3.6