diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml
index d9d0e14..a4a8807 100644
--- a/docker/conf/traefik.toml
+++ b/docker/conf/traefik.toml
@@ -1,4 +1,7 @@
 defaultEntryPoints = ["http", "https"]
+
+InsecureSkipVerify = true
+
 [entryPoints]
 [entryPoints.http]
   address = ":80"
diff --git a/docker/outputs.tf b/docker/outputs.tf
index 7383805..cd1347b 100644
--- a/docker/outputs.tf
+++ b/docker/outputs.tf
@@ -17,3 +17,7 @@ output "names-mariadb" {
 output "names-traefik" {
   value = "${docker_container.traefik.name}"
 }
+
+output "auth-header" {
+  value = "${var.basic_auth}"
+}
diff --git a/heimdall/main.tf b/heimdall/main.tf
new file mode 100644
index 0000000..f205d1a
--- /dev/null
+++ b/heimdall/main.tf
@@ -0,0 +1,34 @@
+data "docker_registry_image" "heimdall" {
+  name = "linuxserver/heimdall:latest"
+}
+
+resource "docker_image" "heimdall" {
+  name          = "${data.docker_registry_image.heimdall.name}"
+  pull_triggers = ["${data.docker_registry_image.heimdall.sha256_digest}"]
+}
+
+resource docker_container "heimdall" {
+  name  = "heimdall"
+  image = "${docker_image.heimdall.latest}"
+
+  labels = "${merge(
+    var.traefik-labels, map(
+      "traefik.port", "443",
+      "traefik.protocol", "https",
+      "traefik.frontend.rule","Host:${var.domain}",
+      "traefik.frontend.auth.basic", "${var.auth-header}",
+  ))}"
+
+  volumes {
+    host_path      = "/mnt/xwing/config/heimdall"
+    container_path = "/config"
+  }
+
+  env = [
+    "TZ=Asia/Kolkata",
+  ]
+
+  restart               = "unless-stopped"
+  destroy_grace_seconds = 10
+  must_run              = true
+}
diff --git a/heimdall/variables.tf b/heimdall/variables.tf
new file mode 100644
index 0000000..cb679bf
--- /dev/null
+++ b/heimdall/variables.tf
@@ -0,0 +1,11 @@
+variable "domain" {
+  type = "string"
+}
+
+variable "auth-header" {
+  type = "string"
+}
+
+variable "traefik-labels" {
+  type = "map"
+}
diff --git a/main.tf b/main.tf
index 0a23e58..97cb5ac 100644
--- a/main.tf
+++ b/main.tf
@@ -49,6 +49,13 @@ module "tt-rss" {
   traefik-labels = "${var.traefik-common-labels}"
 }
 
+module "heimdall" {
+  source         = "heimdall"
+  domain         = "bb8.fun"
+  traefik-labels = "${var.traefik-common-labels}"
+  auth-header    = "${module.docker.auth-header}"
+}
+
 module "media" {
   source                 = "media"
   domain                 = "bb8.fun"