diff --git a/www.spee.ch/advanced-docker-compose.yml b/www.spee.ch/advanced-docker-compose.yml
index 5e197c7..6be5f5b 100644
--- a/www.spee.ch/advanced-docker-compose.yml
+++ b/www.spee.ch/advanced-docker-compose.yml
@@ -99,6 +99,51 @@ services:
         aliases:
           - adminer
 
+#####################
+## Proxy container ##
+#####################
+#####################
+## https://www.digitalocean.com/community/tutorials/how-to-use-traefik-as-a-reverse-proxy-for-docker-containers-on-ubuntu-16-04
+  proxy:
+    image: traefik:alpine
+    # command: --api --docker --docker.domain=docker.localhost --logLevel=DEBUG
+    command: --api  --docker --logLevel=ERROR
+    depends_on:
+      - adminer
+    ports:
+      - target: 80
+        published: 80
+        mode: host
+      - target: 443
+        published: 443
+        mode: host
+    expose:
+      - 8080
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /home/persistence/traefik/traefik.toml:/traefik.toml
+      ## This is going to be stored by default in the following host dir in staging.
+      #  There is a rate limit for how many issuances you can request per week.
+      #  Because of this we will store the acme.json file persistently.
+      #  In production we are going to need to figure out how it'll work with Kubernetes or variant.
+      - ../data/traefik/:/opt/traefik/
+    labels:
+      # https://docs.traefik.io/user-guide/docker-and-lets-encrypt/
+      - "traefik.backend=proxy"
+      - "traefik.docker.network=green"
+      - "traefik.frontend.rule=Host:monitor.YOURDOMAINHERE"
+      - "traefik.expose=true"
+      - "traefik.port=8080"
+    healthcheck:
+       test: ["CMD", "traefik", "healthcheck"]
+       timeout: 10s
+       retries: 3
+    networks:
+      green:
+        ipv4_address: 10.5.0.10
+        aliases:
+          - traefik
+
 #########################
 ## Network Definitions ##
 #########################