diff --git a/traefik.yaml b/traefik.yaml
index e69de29..41ca2d3 100644
--- a/traefik.yaml
+++ b/traefik.yaml
@@ -0,0 +1,49 @@
+# traefik.yaml
+providers:
+  docker:
+    exposedByDefault: false
+  file:
+    directory: /etc/traefik/
+
+entryPoints:
+  websecure:
+    address: ":443"
+
+certificatesResolvers:
+  myresolver:
+    acme:
+      email: "admin@example.ch"
+      storage: "/letsencrypt/acme.json"
+      tlsChallenge: true
+      #caserver: "https://acme-staging-v02.api.letsencrypt.org/directory"
+
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      sniStrict : true
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+      curvePreferences:
+        - secp521r1
+        - secp384r1
+
+    mintls13:
+      minVersion: VersionTLS13
+
+http:
+  middlewares:
+    default-headers:
+      headers:
+        frameDeny: true
+        browserXssFilter: true
+        contentTypeNosniff: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 63072000