diff --git a/ansible-5/roles/prod.k3s/files/stash/values.yaml b/ansible-5/roles/prod.k3s/files/stash/values.yaml
index 9ea10c4..2feaf85 100644
--- a/ansible-5/roles/prod.k3s/files/stash/values.yaml
+++ b/ansible-5/roles/prod.k3s/files/stash/values.yaml
@@ -5,12 +5,15 @@
 
 image:
   repository: stashapp/stash
-  tag: v0.30.1
+  tag: v0.31.1
 
 ingress:
   main:
-    enabled: false
+    enabled: true
     annotations:
+      kubernetes.io/ingress.class: "traefik"
+      traefik.ingress.kubernetes.io/router.entrypoints: websecure
+      traefik.ingress.kubernetes.io/router.tls: "true"
       cert-manager.io/cluster-issuer: letsencrypt-production
 
     hosts:
diff --git a/ansible-5/roles/prod.k3s/templates/acme-dns/ingress.yaml b/ansible-5/roles/prod.k3s/templates/acme-dns/ingress.yaml
index a922101..a17931f 100644
--- a/ansible-5/roles/prod.k3s/templates/acme-dns/ingress.yaml
+++ b/ansible-5/roles/prod.k3s/templates/acme-dns/ingress.yaml
@@ -19,9 +19,9 @@ spec:
             pathType: Prefix
             backend:
               service:
-                name: dns-api
+                name: acme-dns-api
                 port:
-                  number: 80
+                  number: 8090
 
 #  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
 #    - secretName: xai-corp-production-tls-ap1
diff --git a/ansible-5/roles/prod.k3s/templates/acme-dns/service.yaml b/ansible-5/roles/prod.k3s/templates/acme-dns/service.yaml
index 0fc1f97..ecef4f6 100644
--- a/ansible-5/roles/prod.k3s/templates/acme-dns/service.yaml
+++ b/ansible-5/roles/prod.k3s/templates/acme-dns/service.yaml
@@ -8,6 +8,6 @@ spec:
   selector:
     app: acme-dns
   ports:
-    - port: 80
+    - port: 8090
       targetPort: 80