diff --git a/argocd/templates/ingress.yaml b/argocd/templates/ingress.yaml
new file mode 100644
index 0000000..11fa1bc
--- /dev/null
+++ b/argocd/templates/ingress.yaml
@@ -0,0 +1,36 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`argocd.internal.dev.durp.info`)
+    middlewares:
+    - name: internal-only
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: argocd-server
+      port: 443
+      scheme: https
+  tls:
+    secretName: argocd-tls  
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: argocd-tls
+spec:
+  secretName: argocd-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "argocd.internal.dev.durp.info"
+  dnsNames:
+  - "argocd.internal.dev.durp.info"  
diff --git a/internalproxy/templates/argocd.yaml b/internalproxy/templates/argocd.yaml
index 6aa67a1..6e89858 100644
--- a/internalproxy/templates/argocd.yaml
+++ b/internalproxy/templates/argocd.yaml
@@ -10,7 +10,7 @@ spec:
   routes:
   - match: Host(`argocd.internal.dev.durp.info`)
     middlewares:
-    - name: whitelist
+    - name: internal-only
       namespace: traefik  
     kind: Rule
     services: