diff --git a/roles/float-infra-replds/tasks/main.yml b/roles/float-infra-replds/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..490b984ddf7e1170c43655a2019176ae93c3b9bb
--- /dev/null
+++ b/roles/float-infra-replds/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+
+- file:
+ path: "/var/lib/replds"
+ state: directory
+ owner: docker-frontend
+ group: root
+ mode: "0750"
+
+- name: Configure replds ACLs
+ template:
+ src: "acls.j2"
+ dest: "/etc/replds.acls"
+ notify: restart replds
diff --git a/roles/float-infra-replds/templates/acls.j2 b/roles/float-infra-replds/templates/acls.j2
new file mode 100644
index 0000000000000000000000000000000000000000..e8410b5a0c36e9cb0f9e9e1597f3e255c2c2b556
--- /dev/null
+++ b/roles/float-infra-replds/templates/acls.j2
@@ -0,0 +1,2 @@
+replds peer
+nginx credentials/public write
diff --git a/services.core.yml b/services.core.yml
index 74fd7061ed7bd4179201359225c9d02ff351910f..1615fe224f5327a5e16ef1415c2f2185b047b6e8 100644
--- a/services.core.yml
+++ b/services.core.yml
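Review bot: The directory task at the top of roles/float-infra-replds/tasks/main.yml has no `name:`, so play output and `--list-tasks` show it only as `file`; add `- name: Create replds data directory` above `file:` to match the style of the template task that follows. The template task notifies `restart replds`, and that handler is not part of this commit, so it presumably lives in the role's handlers file — worth confirming, since an unknown handler fails the play at runtime rather than at lint time. The ACL file is written with the module's default ownership and mode; a one-line comment such as `# ACLs are read by the replds2 container via REPLDS_ACLS (see services.core.yml)` above the template task would make the cross-file dependency visible to the next reader.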
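Review bot: The two ACL lines in roles/float-infra-replds/templates/acls.j2 carry no explanation of their format, so a reader cannot tell from the file what `peer` means for the `replds` principal or whether `write` on `credentials/public` for `nginx` also implies read access; those semantics come from replds2, not from anything visible here. If the ACL parser tolerates comment lines, a header such as `# <principal> <path-prefix> <permission>` with one sentence on how principals are matched (presumably against the client certificate identity, given the mTLS settings in services.core.yml — confirm) would help; if it does not, put that note in the task that installs the file instead. The file contains no Jinja expressions, which is fine, but note that `template` will still render it, so a literal `{{` or `{%` added later would need escaping.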
@@ -7,13 +7,36 @@ frontend:
 enable_server: false
 - name: ssoproxy
 enable_server: false
- - name: replds-acme
+ - name: replds
 systemd_services:
 - nginx.service
 - haproxy.service
 - sso-proxy.service
- - replds@acme.service
+ - replds2@frontend.service
+ containers:
+ - name: replds
+ image: registry.git.autistici.org/ai3/tools/replds2:master
+ env:
+ REPLDS_GRPC_ADDR: ":3636"
+ REPLDS_HTTP_ADDR: ":3638"
+ REPLDS_SSL_CERT: "/etc/credentials/x509/replds/server/cert.pem"
+ REPLDS_SSL_KEY: "/etc/credentials/x509/replds/server/private_key.pem"
+ REPLDS_SSL_CLIENT_CERT: "/etc/credentials/x509/replds/client/cert.pem"
+ REPLDS_SSL_CLIENT_KEY: "/etc/credentials/x509/replds/client/private_key.pem"
+ REPLDS_SSL_CA: "/etc/credentials/x509/replds/ca.pem"
+ REPLDS_STORE: "/var/lib/replds"
+ REPLDS_ACLS: "/etc/replds.acls"
+ REPLDS_PEERS: "{{ services['frontend'].hosts | sort | map('regex_replace', '$', '.frontend.' + domain + ':3636') | join(',') }}"
+ volumes:
+ /var/lib/replds: /var/lib/replds
+ /etc/replds/acls: /etc/replds.acls
+ args: "server"
+ ports:
+ - 3636
+ - 3638
 ports:
+ - 3636
+ - 3638
 - 5005
 volumes:
 - name: cache
@@ -22,6 +45,8 @@ frontend:
 monitoring_endpoints:
 - port: 8404
 scheme: http
+ - port: 3638
+ scheme: https
 dns:
 scheduling_group: frontend
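Review bot: The ACL bind mount `/etc/replds/acls: /etc/replds.acls` names a path that nothing in this change creates: roles/float-infra-replds/tasks/main.yml writes the template to `/etc/replds.acls`, and `REPLDS_ACLS` reads `/etc/replds.acls` inside the container, so one side of the mount points at a file that does not exist (which side is the host follows the `/var/lib/replds: /var/lib/replds` entry above it; if host is first, the container would see an empty or missing ACL file and either deny everything or start unrestricted, depending on replds2's behaviour — confirm). Change the line to `/etc/replds.acls: /etc/replds.acls`. Separately, `image: registry.git.autistici.org/ai3/tools/replds2:master` tracks a mutable branch tag, so the deployed binary can change with no change in this file and no review; pin a release tag or digest if the container runner accepts one, and document the upgrade path next to the image line.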