diff --git a/templates/vaultwarden.quadlet.j2 b/templates/vaultwarden.quadlet.j2
index 6bbd373..0c8f31c 100644
--- a/templates/vaultwarden.quadlet.j2
+++ b/templates/vaultwarden.quadlet.j2
@@ -19,13 +19,10 @@ Environment=SMTP_SECURITY={{ vaultwarden_smtp_security }}
 Environment=SMTP_USERNAME={{ vaultwarden_smtp_username }}
 Environment=SMTP_PASSWORD={{ vaultwarden_smtp_password }}
 
-
-
 Network=traefik.network
 
 Volume=/var/vaultwarden/{{ vaultwarden_identifier }}:/data
 
-
 NoNewPrivileges=true
 DropCapability=All
 
@@ -34,10 +31,13 @@ DropCapability=All
 #SecurityLabelDisable=true
 PodmanArgs=--userns=keep-id --security-opt label=disable
 
-Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls.certresolver=resolver"
-Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.tls=true"
-Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.rule=Host(`{{ vaultwarden_url }}`)"
-Label="traefik.http.routers.vaultwarden-{{ vaultwarden_identifier }}.loadbalancer.server.port=8080"
+Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.tls.certresolver=resolver"
+Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.tls=true"
+Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}.rule=Host(`{{ vaultwarden_url }}`)"
+Label="traefik.http.services.vaultwarden{{ vaultwarden_identifier }}.loadbalancer.server.port=8080"
+Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}websocket.rule=Host(`{{ vaultwarden_url }}`) && Path(`/notifications/hub`)""
+Label="traefik.http.routers.vaultwarden{{ vaultwarden_identifier }}websocket.service=vaultwarden-{{ vaultwarden_identifier }}-websocket"
+Label="traefik.http.services.vaultwarden{{ vaultwarden_identifier }}websocket.loadbalancer.server.port=3012"
 
 [Service]
 Restart=on-failure