diff --git a/ansible/roles/loadbalancer/tasks/main.yml b/ansible/roles/loadbalancer/tasks/main.yml index 3134e21..86d3185 100644 --- a/ansible/roles/loadbalancer/tasks/main.yml +++ b/ansible/roles/loadbalancer/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Debuggy - debug: + ansible.builtin.debug: msg: "our_published_port={{ our_published_port }}" - name: Configure firewall diff --git a/ansible/roles/loadbalancer/templates/Caddyfile.j2 b/ansible/roles/loadbalancer/templates/Caddyfile.j2 index 5f8df5c..63fbad9 100644 --- a/ansible/roles/loadbalancer/templates/Caddyfile.j2 +++ b/ansible/roles/loadbalancer/templates/Caddyfile.j2 @@ -1,12 +1,18 @@ {% set sites = { 'future.porn': our_published_port, - 'pgadmin.sbtp.xyz': 9095, - 'rssapp.sbtp.xyz': 9096 + 'pgadmin.sbtp.xyz': pgadmin_published_port, + 'rssapp.sbtp.xyz': rssapp_published_port } %} {% for site, port in sites.items() %} {{ site }} { + {% if site == 'pgadmin.sbtp.xyz' %} + basicauth { + {{ pgadmin_basicauth_username }} {{ pgadmin_basicauth_password }} + } + {% endif %} + # Define the upstream servers (docker swarm nodes) for load balancing reverse_proxy {% for host in groups['swarm'] %}{{ hostvars[host]['internal_ip'] }}:{{ port }} {% endfor %} { health_uri /health diff --git a/ansible/vars/main.yml b/ansible/vars/main.yml index 271efb2..33e0816 100644 --- a/ansible/vars/main.yml +++ b/ansible/vars/main.yml @@ -25,3 +25,7 @@ kubo_version: v0.34.1 our_server_port: 3000 our_published_port: 8086 +pgadmin_published_port: 9095 +rssapp_published_port: 9096 +pgadmin_basicauth_username: "{{ lookup('dotenv', 'PGADMIN_BASICAUTH_USERNAME', file='../../../../.env.production') }}" +pgadmin_basicauth_password: "{{ lookup('dotenv', 'PGADMIN_BASICAUTH_PASSWORD', file='../../../../.env.production') }}" diff --git a/services/our/compose.production.yaml b/services/our/compose.production.yaml index 44175fd..bdd92bd 100644 --- a/services/our/compose.production.yaml +++ b/services/our/compose.production.yaml 
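Review bot: The second token inside the new `basicauth { … }` block is rendered straight from `pgadmin_basicauth_password`, and Caddy expects a password hash there (bcrypt, as produced by `caddy hash-password`), not the plaintext password. Nothing in this commit shows which form `PGADMIN_BASICAUTH_PASSWORD` takes in `.env.production`, so I would add a template comment above the block such as `{# pgadmin_basicauth_password must be a bcrypt hash from 'caddy hash-password', never the plaintext #}`. A bcrypt hash contains `$` characters, so check that the dotenv parser returns it unmodified. The rendered Caddyfile will hold the credential hash, so the task that templates it (outside this diff) should set a restrictive `mode` and `no_log: true` to keep the hash out of diff and verbose output.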
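Review bot: Both added `lookup('dotenv', …)` lines depend on the relative path `../../../../.env.production`, and nothing here fails the play if the file or key is not found. Where that path resolves from depends on how the lookup plugin handles relative paths (not visible here), so an empty username or password could presumably reach the `basicauth` block in Caddyfile.j2 unnoticed. I would add an early `ansible.builtin.assert` in the loadbalancer role with `that: pgadmin_basicauth_username | length > 0 and pgadmin_basicauth_password | length > 0`, and build the path from `playbook_dir` rather than counting `..` segments. The short name `dotenv` is also inconsistent with the fully qualified `ansible.builtin.debug` this commit introduces; if the plugin comes from a collection, use its fully qualified name.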
@@ -66,9 +66,6 @@ services: pgadmin: image: dpage/pgadmin4:latest - network_mode: service:tailscale-pgadmin - depends_on: - - tailscale-pgadmin environment: PGADMIN_LISTEN_ADDRESS: "0.0.0.0" PGADMIN_LISTEN_PORT: 5050 @@ -77,23 +74,11 @@ services: test: ["CMD", "nc", "-z", "127.0.0.1", "5050"] interval: 5s retries: 10 - - tailscale-pgadmin: - image: tailscale/tailscale:latest - hostname: pgadmin - environment: - TS_EXTRA_ARGS: "--stateful-filtering=false --advertise-tags=tag:container --reset" - TS_SERVE_CONFIG: /config/pgadmin.json - TS_STATE_DIR: /var/lib/tailscale - TS_USERSPACE: "false" - volumes: - - /mnt/vfs/futureporn/tailscale/state:/var/lib/tailscale - - /mnt/vfs/futureporn/tailscale/config:/config - devices: - - /dev/net/tun:/dev/net/tun - cap_add: - - net_admin - restart: unless-stopped + ports: + - target: 5050 + published: 9095 + protocol: tcp + mode: ingress volumes: pgdata:
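Review bot: The added `ports:` entry (presumably under the `pgadmin` service, since indentation is lost in this view) publishes pgAdmin on 9095 in `mode: ingress`. That makes the swarm routing mesh listen on the port on every node, whereas the removed `tailscale-pgadmin` sidecar kept pgAdmin reachable only over the tailnet. The `basicauth` added in Caddyfile.j2 covers only requests that pass through Caddy; anything that can reach a node on 9095 directly sees pgAdmin's own login without that layer. Docker-published ports are commonly not filtered by host firewall front-ends such as ufw, so confirm that 9095 is accepted only from the load balancer (for example with a rule in the `DOCKER-USER` chain). The literal `published: 9095` also duplicates `pgadmin_published_port` from ansible/vars/main.yml, so I would add `# keep in sync with pgadmin_published_port in ansible/vars/main.yml` above it.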