diff --git a/roles/homeassistant/templates/homeassistant.httpd.conf.j2 b/roles/homeassistant/templates/homeassistant.httpd.conf.j2
index 03fc35e..a0166f4 100644
--- a/roles/homeassistant/templates/homeassistant.httpd.conf.j2
+++ b/roles/homeassistant/templates/homeassistant.httpd.conf.j2
@@ -7,7 +7,13 @@ ProxyPass / http://localhost:8123/
 ProxyPassReverse / http://localhost:8123/
 
 RewriteEngine on
+RewriteCond %{HTTPS} !on
+RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
+
 RewriteCond %{HTTP:Upgrade} =websocket [NC]
 RewriteRule /(.*)  ws://localhost:8123/$1 [P,L]
 RewriteCond %{HTTP:Upgrade} !=websocket [NC]
 RewriteRule /(.*)  http://localhost:8123/$1 [P,L]
+
+Header always set \
+	Strict-Transport-Security "max-age=63072000; includeSubDomains"