diff --git a/modules/kubernetes/reverse-proxy/main.tf b/modules/kubernetes/reverse-proxy/main.tf
new file mode 100644
index 00000000..5a858b9c
--- /dev/null
+++ b/modules/kubernetes/reverse-proxy/main.tf
@@ -0,0 +1,71 @@
+# Create reverse proxy for external ip
+# e.g internet -> k8s -> ip on lan, external to k8s
+
+resource "kubernetes_service" "openwrt" {
+  metadata {
+    name      = "external-ip"
+    namespace = "website"
+    labels = {
+      "run" = "external-ip"
+    }
+    annotations = {
+      # "prometheus.io/scrape" = "true"
+      # "prometheus.io/path"   = "/metrics"
+      # "prometheus.io/port"   = "9113"
+    }
+  }
+
+  spec {
+    port {
+      name        = "app"
+      port        = "443"
+      target_port = "5001"
+      protocol    = "TCP"
+    }
+    cluster_ip       = "None"
+    type             = "ClusterIP"
+    session_affinity = "None"
+  }
+}
+
+# kind: Endpoints
+# apiVersion: v1
+# metadata:
+#   name: external-ip
+#   namespace: default
+# subsets:
+#   - addresses:
+#       - ip: 192.168.1.1
+#     ports:
+#       - name: app
+#         port: 443
+#         protocol: TCP
+
+resource "kubernetes_ingress" "openwrt" {
+  metadata {
+    name      = "openwrt-ingress"
+    namespace = "website"
+    annotations = {
+      "nginx.ingress.kubernetes.io/backend-protocol" = "https"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["home.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "home.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "external-ip"
+            service_port = "443"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/terraform.tfstate b/terraform.tfstate
index 09b56adc..86b150ac 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ