diff --git a/docker-compose.base.ops.yml b/docker-compose.base.ops.yml
index d16ac8c47870fab1c2c4b82effe02d9470d497dd..7ac2670187a188cea018032b95671eeca67f42e3 100644
--- a/docker-compose.base.ops.yml
+++ b/docker-compose.base.ops.yml
@@ -28,15 +28,37 @@ services:
       - emg-extnet
       - dem-extnet
       - logging-extnet
-      - intnet
+      - shib-extnet
   shibauth:
     image: testing-shibboleth
     deploy:
       replicas: 1
       placement:
         constraints: [node.role == manager]
+      labels:
+        # router for basic auth based access (https)
+        - "traefik.http.routers.shibauth.rule=Host(`shib.pdas.prism.eox.at`)"
+        - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
+        - "traefik.http.routers.shibauth.tls=true"
+        - "traefik.http.routers.shibauth.tls.certresolver=default"
+        - "traefik.http.routers.shibauth.entrypoints=https"
+        # router for basic auth based access (http)
+        - "traefik.http.routers.shibauth-redirect.rule=Host(`shib.pdas.prism.eox.at`)"
+        - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
+        - "traefik.http.routers.shibauth-redirect.entrypoints=http"
+        # general
+        - "traefik.http.services.shibauth.loadbalancer.sticky=false"
+        - "traefik.http.services.shibauth.loadbalancer.server.port=80"
+        - "traefik.docker.network=shib-extnet"
+        - "traefik.docker.lbswarm=true"
+        - "traefik.enable=true"        
+      # labels:
+      #   - "traefik.enable=true"
+      #   - "traefik.frontend.rule=Host:shib.pdas.prism.eox.at"
+      #   - "traefik.port=80"
+      #   - "traefik.frontend.passHostHeader=true"
     networks:
-      - intnet
+      - shib-extnet
 volumes:
   traefik-data:
 networks:
@@ -48,4 +70,5 @@ networks:
     name: dem-extnet
   logging-extnet:
     name: logging-extnet
-  intnet:
+  shib-extnet:
+    name: shib-extnet
diff --git a/traefik-dynamic.yml b/traefik-dynamic.yml
index 495ef4ebe69d35abf1ee6835c1427a931cf22431..9b51a4894cb1a5f79b9e3d1a437234c7a13504cc 100644
--- a/traefik-dynamic.yml
+++ b/traefik-dynamic.yml
@@ -22,7 +22,7 @@ http:
           - "***REMOVED***"
     shibAuth:
       forwardAuth:
-        address: http://shibauth/secure
+        address: http://shib.pdas.prism.eox.at/secure
         trustForwardHeader: true
     compress:
       compress: {}