diff --git a/deployment/stacks/traefik/dynamic/gitea-ssh.yml b/deployment/stacks/traefik/dynamic/gitea-ssh.yml
new file mode 100644
index 00000000..c26f5327
--- /dev/null
+++ b/deployment/stacks/traefik/dynamic/gitea-ssh.yml
@@ -0,0 +1,20 @@
+# TCP Router Configuration for Gitea SSH
+# Routes SSH traffic on port 2222 to Gitea container
+
+tcp:
+  routers:
+    gitea-ssh:
+      entryPoints:
+        - gitea-ssh
+      rule: "HostSNI(`*`)"
+      service: gitea-ssh-service
+
+  services:
+    gitea-ssh-service:
+      loadBalancer:
+        servers:
+          # Gitea container SSH service
+          # Note: Using container IP from traefik-public network
+          # Traefik runs in host network mode, so we need the actual container IP
+          # IP address: 172.23.0.2 (traefik-public network)
+          - address: "172.23.0.2:22"
diff --git a/deployment/stacks/traefik/traefik.yml b/deployment/stacks/traefik/traefik.yml
index 2b1870ba..1ac54d38 100644
--- a/deployment/stacks/traefik/traefik.yml
+++ b/deployment/stacks/traefik/traefik.yml
@@ -30,6 +30,10 @@ entryPoints:
             sans:
               - "*.michaelschiemer.de"
 
+  # TCP entrypoint for Gitea SSH
+  gitea-ssh:
+    address: ":2222"
+
 # Certificate Resolvers
 certificatesResolvers:
   letsencrypt: