diff --git a/packages/website/csp.js b/packages/website/csp.js
index 1f5b5a29..b3013bc7 100644
--- a/packages/website/csp.js
+++ b/packages/website/csp.js
@@ -1,5 +1,5 @@
 const rootDomain = process.env.VITE_DOMAIN; // or your server IP for dev
-
+import { SENTRY_HOST } from './src/lib/config.js';
 import { SENTRY_REPORT_URL } from './src/lib/config.js';
 /**
  * @type {import("@sveltejs/kit").CspDirectives}
@@ -7,7 +7,7 @@ import { SENTRY_REPORT_URL } from './src/lib/config.js';
 const cspDirectives = {
     'base-uri': ["'self'"],
     'child-src': ["'self'", "blob:"],
-    'connect-src': ["'self'", "https://*.google-analytics.com", "https://*.sentry.io"],
+    'connect-src': ["'self'", "https://*.google-analytics.com", "https://" + SENTRY_HOST],
     // 'connect-src': ["'self'", 'ws://localhost:*', 'https://hcaptcha.com', 'https://*.hcaptcha.com'],
     'img-src': ["'self'", 'data:',
         'https://*.googletagmanager.com'],
diff --git a/packages/website/src/lib/config.js b/packages/website/src/lib/config.js
index 64d8bc1a..7f0cf59b 100644
--- a/packages/website/src/lib/config.js
+++ b/packages/website/src/lib/config.js
@@ -1,6 +1,7 @@
 
 // Sentry config
-export const SENTRY_HOST = "o4507835405369344.ingest.de.sentry.io"
+// export const SENTRY_HOST = "o4507835405369344.ingest.de.sentry.io"
+export const SENTRY_HOST = "relay.ellis.link"
 export const SENTRY_PROJECT_ID = "4507835410481232"
 export const SENTRY_KEY = "d006c73cc53783930a1521a68ae1c312"
 export const SENTRY_TUNNEL_ALLOWED_IDS = [SENTRY_PROJECT_ID]
diff --git a/servers/containers/sentry-relay.container b/servers/containers/sentry-relay.container
new file mode 100644
index 00000000..76fd9a44
--- /dev/null
+++ b/servers/containers/sentry-relay.container
@@ -0,0 +1,39 @@
+# sudo mkdir /etc/sentry-relay
+# podman run --rm -it -v /etc/sentry-relay/:/work/.relay/:z --entrypoint bash getsentry/relay -c 'chown -R relay:relay /work/.relay'
+# podman run --rm -it -v /etc/sentry-relay/:/work/.relay/:z getsentry/relay config init
+# podman run --rm -it -v /etc/sentry-relay/:/work/.relay/:z getsentry/relay credentials show
+# Or add static config
+
+[Unit]
+Description=Sentry Relay
+Wants=network-online.target
+After=network-online.target
+
+[Container]
+ContainerName=sentry-relay
+NoNewPrivileges=true
+Image=docker.io/getsentry/relay:latest
+Exec=run
+Volume=/etc/sentry-relay/:/work/.relay/:z
+AutoUpdate=registry
+Network=web.network
+
+
+
+Label="traefik.enable=true"
+Label="traefik.http.routers.sentry-relay.rule=Host(`relay.ellis.link`)"
+
+Label="traefik.http.routers.sentry-relay.entrypoints=https"
+
+Label="traefik.http.routers.sentry-relay.tls.certresolver=letsencrypt"
+# Label="traefik.http.routers.sentry-relay.tls.options=intermediate@file"
+
+Label="traefik.http.routers.sentry-relay.middlewares=default@file"
+
+
+[Service]
+Restart=on-failure
+TimeoutStartSec=900
+
+[Install]
+WantedBy=default.target
\ No newline at end of file