diff --git a/homelab/jafner-chat/config/traefik/config/middlewares.yaml b/homelab/jafner-chat/config/traefik/config/middlewares.yaml
new file mode 100644
index 00000000..9c62b3eb
--- /dev/null
+++ b/homelab/jafner-chat/config/traefik/config/middlewares.yaml
@@ -0,0 +1,26 @@
+http:
+ middlewares:
+ lan-only:
+ ipWhiteList:
+ sourceRange:
+ - "127.0.0.1/32"
+ - "192.168.1.1/24"
+ securityheaders:
+ headers:
+ customResponseHeaders:
+ X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
+ server: ""
+ sslProxyHeaders:
+ X-Forwarded-Proto: https
+ referrerPolicy: "same-origin"
+ hostsProxyHeaders:
+ - "X-Forwarded-Host"
+ customRequestHeaders:
+ X-Forwarded-Proto: "https"
+ X-Scheme: https
+ contentTypeNosniff: true
+ browserXssFilter: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsSeconds: 63072000
+ stsPreload: true
diff --git a/homelab/jafner-chat/config/traefik/config/tls.yaml b/homelab/jafner-chat/config/traefik/config/tls.yaml
new file mode 100644
index 00000000..17fc206d
--- /dev/null
+++ b/homelab/jafner-chat/config/traefik/config/tls.yaml
@@ -0,0 +1,4 @@
+tls:
+ options:
+ tls12:
+ minVersion: VersionTLS12
\ No newline at end of file
diff --git a/homelab/jafner-chat/config/traefik/config/traefik_api.yaml b/homelab/jafner-chat/config/traefik/config/traefik_api.yaml
index 990e2198..f4cfdb3b 100644
--- a/homelab/jafner-chat/config/traefik/config/traefik_api.yaml
+++ b/homelab/jafner-chat/config/traefik/config/traefik_api.yaml
@@ -3,6 +3,8 @@ http:
 api:
 rule: "Host(`traefik.jafner.chat`)"
 entryPoints: "websecure"
+ middlewares:
+ - "lan-only@file"
 service: "api@internal"
 tls:
- certResolver: "lets-encrypt"
\ No newline at end of file
+ certResolver: "lets-encrypt"
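Review bot: The `lan-only` allowlist at the top of middlewares.yaml sets no `ipStrategy`, so it matches on the connection's remote address and only restricts anything if Traefik sees the real client IP. If the deployment puts a NAT or proxy layer in front of Traefik that rewrites the source to an address inside `192.168.1.1/24` (not visible from this diff), WAN requests would pass the check; confirm what client address the access log records for an external request. The second range has host bits set and would read more clearly as `- "192.168.1.0/24"`. `ipWhiteList` is, as far as I know, the deprecated name in newer Traefik releases (`ipAllowList` replaces it), so check the deployed version before upgrading.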
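Review bot: The option set in tls.yaml is named `tls12`, and as far as I know Traefik applies only the set named `default` to routers that do not name one, so `minVersion: VersionTLS12` takes effect only where a router references it explicitly. The `api` router changed later in this commit shows only `certResolver` under `tls:`, so it would not pick this up. Either rename the key to `default:` or add `options: "tls12@file"` under each router's `tls:` block. A comment above the block such as `# referenced from routers as tls12@file` would make the intended use clear.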
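Review bot: The `api@internal` router in traefik_api.yaml is now gated by a source-IP check alone, with no authentication middleware in the added `middlewares:` list. Any host in the allowed range reaches the dashboard and API, which expose the full routing configuration, so a single compromised LAN device is enough. Consider chaining an auth middleware after the allowlist, e.g. `- "dashboard-auth@file"` (placeholder name; it would have to be defined as a `basicAuth` or `forwardAuth` middleware). The router definition starts above the hunk, so other settings on it are not visible here.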