diff --git a/hosts/router/firewall.nix b/hosts/router/firewall.nix
index 5c00f53..430c34b 100644
--- a/hosts/router/firewall.nix
+++ b/hosts/router/firewall.nix
@@ -86,7 +86,7 @@ in
 content = ''
 ${nftIdentifiers}
 define ALLOWED_TCP_PORTS = { ssh, https }
- define ALLOWED_UDP_PORTS = { bootps, dhcpv6-server, domain }
+ define ALLOWED_UDP_PORTS = { bootps, dhcpv6-server, domain, https }
 set port_forward_v6 {
 type inet_proto . ipv6_addr . inet_service
 elements = {
diff --git a/hosts/router/services.nix b/hosts/router/services.nix
index a380f01..034ec07 100644
--- a/hosts/router/services.nix
+++ b/hosts/router/services.nix
@@ -56,6 +56,7 @@ in
 hash = "sha256-saKJatiBZ4775IV2C5JLOmZ4BwHKFtRZan94aS5pO90=";
 };
 virtualHosts."grouter.${domain}".extraConfig = ''
+ encode
 tls {
 dns cloudflare {env.CF_API_KEY}
 resolvers 1.1.1.1
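Review bot: The `https` entry added to `ALLOWED_UDP_PORTS` opens udp/443 wherever that set is matched, and the rule that consumes the define is outside this hunk, so the interface scope cannot be checked from here. The set already holds `bootps`, `dhcpv6-server` and `domain`, which are normally LAN-facing; if the same set is also matched on the WAN input path, a separate define for externally reachable UDP ports would keep the new opening from sharing scope with DHCP and DNS. The commit gives no reason for the port, presumably HTTP/3 (QUIC) for the web server on this host, so a comment above the define such as `# udp/443: QUIC/HTTP/3 for the local web server` would record it next to the rule.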
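Review bot: The bare `encode` added to the `grouter.${domain}` site block names no formats, so the encodings in use depend on the defaults of the installed web server version (this looks like a Caddy site block); writing `encode zstd gzip` makes the behaviour explicit and stable across upgrades. The directive applies to every response of this site, and the rest of `extraConfig` lies outside the hunk, so it is not visible whether pages carrying session or CSRF tokens together with request-reflected data are served here. If they are, compressing them under TLS exposes a response-length side channel (the BREACH class), and compression should be limited to static or non-sensitive content types. A one-line comment above the directive stating why compression was enabled would also help.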