diff --git a/.envrc.sample b/.envrc.sample
index 2253c26..379fae6 100644
--- a/.envrc.sample
+++ b/.envrc.sample
@@ -2,6 +2,8 @@ export SERVICE=keycloak
 export STACK_NAME=keycloak
 
 export DOMAIN=keycloak.example.com
+## Domain aliases
+#export EXTRA_DOMAINS=', `www.wordpress.example.com`'
 export LETS_ENCRYPT_ENV=production
 
 export ADMIN_USERNAME=admin
diff --git a/compose.yml b/compose.yml
index 9104e42..6da342b 100644
--- a/compose.yml
+++ b/compose.yml
@@ -33,10 +33,13 @@ services:
         order: start-first
       labels:
         - "traefik.enable=true"
-        - "traefik.http.routers.keycloak.rule=Host(`${DOMAIN}`)"
-        - "traefik.http.routers.keycloak.entrypoints=web-secure"
         - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.keycloak.entrypoints=web-secure"
         - "traefik.http.routers.keycloak.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
 
   mariadb:
     image: "mariadb:10.5"