diff --git a/roles/role_deploy_gitea/tasks/main.yml b/roles/role_deploy_gitea/tasks/main.yml
index 3df589f..a058593 100644
--- a/roles/role_deploy_gitea/tasks/main.yml
+++ b/roles/role_deploy_gitea/tasks/main.yml
@@ -113,6 +113,33 @@
 line: "127.0.0.1 git2.{{ DOMAIN }} git2"
 become: true
 
+- name: Template reverse-proxy configuration
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "/mnt/volumes/reverse-proxy_conf/data/{{ item }}"
+ become: true
+ with_items:
+ - reverse-proxy-gitea.conf
+
+- name: Enable reverse-proxy configuration
+ containers.podman.podman_container_exec:
+ name: reverse-proxy
+ command: 'sh -c ''a2ensite reverse-proxy-gitea && service apache2 reload'''
+ become: true
+
+- name: Check if lets encrypt certificate installation is already done
+ stat:
+ path: /mnt/volumes/reverse-proxy_conf/data/reverse-proxy-gitea-le-ssl.conf
+ register: gitea_certificate_flag
+ become: true
+
+- name: Install lets encrypt certificate
+ containers.podman.podman_container_exec:
+ name: reverse-proxy
+ command: 'sh -c ''certbot --apache -vvv --domains gitea.{{ DOMAIN }} -m {{ recipient_email }} --agree-tos --reinstall --redirect --hsts --non-interactive'''
+ become: true
+ when: not gitea_certificate_flag.stat.exists
+
 - name: Allow git SSH port
 ansible.posix.firewalld:
 zone: public
diff --git a/roles/role_deploy_gitea/templates/reverse-proxy-gitea.conf.j2 b/roles/role_deploy_gitea/templates/reverse-proxy-gitea.conf.j2
new file mode 100644
index 0000000..35d6618
--- /dev/null
+++ b/roles/role_deploy_gitea/templates/reverse-proxy-gitea.conf.j2
@@ -0,0 +1,8 @@
+
+ ServerName gitea.{{ DOMAIN }}
+ ServerAdmin postmaster@{{ DOMAIN }}
+ ProxyPreserveHost on
+ ProxyPass / http://gitea:3000/
+ ProxyPassReverse / http://gitea:3000/
+ ProxyRequests Off
+
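Review bot: In the `Install lets encrypt certificate` task of roles/role_deploy_gitea/tasks/main.yml, `{{ DOMAIN }}` and `{{ recipient_email }}` are rendered straight into a string that `sh -c` parses inside the reverse-proxy container, so whitespace or a shell metacharacter in either variable changes the command that runs there. The certbot call does not need a shell; passing it through the module's `argv` list keeps each value a single argument, as sketched below. In the same hunk the template task sets no `mode`, so the rendered file's permissions follow the remote umask, and an explicit `mode: "0644"` would pin them. The `stat` task is also the only one written without the `ansible.builtin.` prefix.

```yaml
- name: Install lets encrypt certificate
  containers.podman.podman_container_exec:
    name: reverse-proxy
    # argv bypasses shell parsing, so templated values stay single arguments
    argv:
      - certbot
      - --apache
      - -vvv
      - --domains
      - "gitea.{{ DOMAIN }}"
      - -m
      - "{{ recipient_email }}"
      - --agree-tos
      - --reinstall
      - --redirect
      - --hsts
      - --non-interactive
  # … unchanged: become and the when guard on gitea_certificate_flag …
```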
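Review bot: The vhost in roles/role_deploy_gitea/templates/reverse-proxy-gitea.conf.j2 proxies to `http://gitea:3000/` without passing the client's original scheme to the backend, while the tasks in this commit have certbot add `--redirect --hsts` in front of it, so Gitea will presumably see plain HTTP for requests that arrived over TLS. Gitea's reverse-proxy documentation for Apache adds `RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}` (requires mod_headers) for this case; whether the certbot-generated `-le-ssl.conf` picks the directive up should be confirmed on a rendered host. The first and last added lines appear empty on this page, so the enclosing `<VirtualHost>` block is likely present in the file but cannot be reviewed here.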