diff --git a/hosts.example.ini b/hosts.example.ini
index 53ad172..2b20623 100644
--- a/hosts.example.ini
+++ b/hosts.example.ini
@@ -7,4 +7,7 @@ ansible_python_interpreter=/usr/bin/python3
 www_user=user
 www_group=group
 www_home=/home/user
-
+traefik_dashboard=false
+traefik_dashboard_host=traefik.example.com
+traefik_log_level=ERROR
+traefik_letsencrypt_email=admin@example.com
diff --git a/playbook.yml b/playbook.yml
index 2cb87d2..735625b 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -13,3 +13,4 @@
 roles:
 - wwwuser
 - docker
+ - traefik
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
new file mode 100644
index 0000000..3dbc8f0
--- /dev/null
+++ b/roles/traefik/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+- name: create directory
+ file:
+ path: "{{ www_home }}/traefik"
+ state: directory
+ owner: "{{ www_user }}"
+ group: "{{ www_group }}"
+
+- name: check if acme file exists
+ stat:
+ path: "{{ www_home }}/traefik/acme.json"
+ register: acme_file
+
+- name: create acme file if does not exists
+ file:
+ path: "{{ www_home }}/traefik/acme.json"
+ state: touch
+ mode: 0600
+ owner: "{{ www_user }}"
+ group: "{{ www_group }}"
+ when: acme_file.stat.exists == False
+
+- name: add config file
+ template:
+ src: traefik.yml.j2
+ dest: "{{ www_home }}/traefik/traefik.yml"
+ mode: 0600
+ owner: "{{ www_user }}"
+ group: "{{ www_group }}"
+
+- name: create network
+ docker_network:
+ name: web
+
+- name: create container
+ docker_container:
+ name: traefik
+ image: traefik:2.4
+ restart_policy: unless-stopped
+ recreate: true
+ networks:
+ - name: web
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "{{ www_home }}/traefik/traefik.yml:/etc/traefik/traefik.yml"
+ - "{{ www_home }}/traefik/acme.json:/acme.json"
+ - /var/run/docker.sock:/var/run/docker.sock
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.dashboard.rule: Host(`{{ traefik_dashboard_host }}`)
+ traefik.http.routers.dashboard.entryPoints: http
+ traefik.http.routers.dashboard.service: api@internal
diff --git a/roles/traefik/templates/traefik.yml.j2 b/roles/traefik/templates/traefik.yml.j2
new file mode 100644
index 0000000..cb1face
--- /dev/null
+++ b/roles/traefik/templates/traefik.yml.j2
@@ -0,0 +1,24 @@
+entryPoints:
+ http:
+ address: :80
+ https:
+ address: :443
+
+log:
+ level: {{ traefik_log_level | default('ERROR') }}
+
+api:
+ dashboard: {{ traefik_dashboard | default(false) }}
+
+providers:
+ docker:
+ network: web
+ exposedByDefault: false
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: "{{ traefik_letsencrypt_email }}"
+ storage: "acme.json"
+ httpChallenge:
+ entryPoint: http
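Review bot: In roles/traefik/tasks/main.yml the `dashboard` router labels on the container are set unconditionally and route `api@internal` through the plain `http` entry point with no auth middleware, so the Traefik API answers unauthenticated on port 80 to any client that sends the `traefik_dashboard_host` Host header; as far as I can tell `api.dashboard: false` in the template turns off only the UI, not `/api`. I would emit these labels only when `traefik_dashboard` is true, add `traefik.http.routers.dashboard.middlewares: dashboard-auth` backed by a `traefik.http.middlewares.dashboard-auth.basicauth.users` label whose value comes from a vaulted variable, and move the router to `https` with `traefik.http.routers.dashboard.tls.certresolver: letsencrypt`. The `/var/run/docker.sock` volume also hands an internet-facing container full control of the Docker daemon, and a `:ro` suffix would not restrict API calls, so a socket proxy that allows only read endpoints is worth considering for the docker provider. Smaller points: quote the modes as `mode: "0600"` and pin `traefik:2.4` to a digest so every host runs the same image.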
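Review bot: In roles/traefik/templates/traefik.yml.j2 `storage: "acme.json"` is a relative path, so it only lands on the `/acme.json` bind mount from the container task while Traefik's working directory is `/`; otherwise the ACME account key and certificates would be written inside the container's writable layer and lost on the next recreate. Writing `storage: /acme.json` removes that dependency. The file also defines no `accessLog` section and defaults the log level to ERROR, which leaves little to work from when reviewing requests to the proxy afterwards; consider adding `accessLog: {}`. The `http` entry point has no redirection to `https`, so routers bound to it are served in clear text unless each one opts into TLS.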