diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..89b44c2
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,30 @@
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./certs:/etc/traefik/certs
+      - ./traefik.yml:/etc/traefik/traefik.yml
+      - ./conf:/etc/traefik/conf
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: always
+    env_file:
+      - .env
+    environment:
+      - DOMAIN=https://vault.moeny.internal
+      - SIGNUPS_ALLOWED=true
+    volumes:
+      - ./vw-data:/data
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.vaultwarden.rule=Host(`vault.moeny.internal`)"
+      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
+      - "traefik.http.routers.vaultwarden.tls=true"
+      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
\ No newline at end of file
diff --git a/traefik.yml b/traefik.yml
new file mode 100644
index 0000000..6065f44
--- /dev/null
+++ b/traefik.yml
@@ -0,0 +1,15 @@
+log:
+  level: INFO
+api:
+  insecure: true
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+providers:
+  docker:
+    exposedByDefault: false
+  file:
+    directory: /etc/traefik/conf
+    watch: true
\ No newline at end of file