diff --git a/modules/kubernetes/headscale/main.tf b/modules/kubernetes/headscale/main.tf
index b95e3734..c3c0cc0c 100644
--- a/modules/kubernetes/headscale/main.tf
+++ b/modules/kubernetes/headscale/main.tf
@@ -47,7 +47,7 @@ resource "kubernetes_deployment" "headscale" {
       }
       spec {
         container {
-          image   = "headscale/headscale:latest"
+          image   = "headscale/headscale:0.22"
           name    = "headscale"
           command = ["headscale", "serve"]
           port {
@@ -150,13 +150,15 @@ resource "kubernetes_ingress_v1" "headscale" {
     namespace = "headscale"
     annotations = {
       // DO NOT ADD CLIENT TLS AUTH as this breaks vpn auth
-      "kubernetes.io/ingress.class" = "nginx"
+      "kubernetes.io/ingress.class"              = "nginx"
+      "nginx.ingress.kubernetes.io/ssl-redirect" = false # Disable SSL redirection for this Ingress
+
     }
   }
 
   spec {
     tls {
-      hosts       = ["headscale-ui.viktorbarzin.me"]
+      hosts       = ["headscale.viktorbarzin.me"]
       secret_name = var.tls_secret_name
     }
     rule {
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 45c9ab08..b29a4961 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -420,10 +420,10 @@ module "frigate" {
 #   tls_secret_name = var.tls_secret_name
 # }
 
-# module "istio" {
-#   source          = "./istio"
-#   tls_secret_name = var.tls_secret_name
-# }
+module "istio" {
+  source          = "./istio"
+  tls_secret_name = var.tls_secret_name
+}
 
 # module "authelia" {
 #   source          = "./authelia"
diff --git a/terraform.tfstate b/terraform.tfstate
index 48fb55e8..ba5f57c1 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ