diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fb58dee
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.env
+data
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ff35664
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,55 @@
+---
+services:
+  matomo:
+    image: docker.io/matomo:${MATOMO_VERSION}
+    restart: unless-stopped
+    depends_on:
+      - mariadb
+    environment:
+      - MATOMO_DATABASE_HOST=mariadb
+      - MATOMO_DATABASE_USERNAME=${MARIADB_USER}
+      - MATOMO_DATABASE_PASSWORD=${MARIADB_PASSWORD}
+      - MATOMO_DATABASE_DBNAME=${MARIADB_DATABASE}
+    labels:
+      ### Section Træfik
+      - traefik.enable=${TRAEFIK_ENABLED}
+      - traefik.docker.network=${TRAEFIK_NETWORK}
+      ## HTTP
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
+      # redirect to HTTPS only
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=${TRAEFIK_HTTP_MIDDLEWARES}
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=${TRAEFIK_MATCHRULE}
+      ## HTTPS
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
+      # configure the exposed service
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=${TRAEFIK_HTTPS_MIDDLEWARES}
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=${TRAEFIK_MATCHRULE}
+      # enable TLS and its certificate provider
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=${TRAEFIK_TLSENABLED}
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=${TRAEFIK_CERTRESOLVER}
+      # specify a service so a custom port can be used
+      - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=80
+    networks:
+      - traefik
+      - internal
+    volumes:
+      - ${MATOMO_DATA}:/var/www/html
+
+  mariadb:
+    image: mariadb:${MARIADB_VERSION}
+    restart: unless-stopped
+    environment:
+      - MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
+      - MARIADB_USER=${MARIADB_USER}
+      - MARIADB_PASSWORD=${MARIADB_PASSWORD}
+      - MARIADB_DATABASE=${MARIADB_DATABASE}
+    volumes:
+      - ${MARIADB_DATA}:/var/lib/mysql
+    networks:
+      - internal
+
+networks:
+  internal:
+  traefik:
+    external: true
+    name: ${TRAEFIK_NETWORK}
diff --git a/example.env b/example.env
new file mode 100644
index 0000000..e430a61
--- /dev/null
+++ b/example.env
@@ -0,0 +1,23 @@
+# Træfik
+TRAEFIK_ENABLED=true
+TRAEFIK_NETWORK=traefik
+TRAEFIK_ROUTER=matomo_example_com
+TRAEFIK_SERVICE=matomo_example_com
+TRAEFIK_SERVICE_PORT=80
+TRAEFIK_MATCHRULE=Host(`matomo.example.com`)
+TRAEFIK_TLSENABLED=true
+TRAEFIK_CERTRESOLVER=letsencrypt
+TRAEFIK_HTTP_MIDDLEWARES=http-to-https
+TRAEFIK_HTTPS_MIDDLEWARES=hsts
+
+# Matomo
+MATOMO_VERSION=5.5.0-apache
+MATOMO_DATA=./data/matomo
+
+# MariaDB Configuration
+MARIADB_VERSION=11.8.3
+MARIADB_DATA=./data/mariadb
+MARIADB_ROOT_PASSWORD=r00t
+MARIADB_USER=matomo
+MARIADB_PASSWORD=matomo
+MARIADB_DATABASE=matomo