diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..00471d9
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,39 @@
+version: "3"
+
+services:
+  pihole:
+    image: ${PH_IMAGE}
+    container_name: ${PH_CONTAINER_NAME}
+    restart: unless-stopped
+    environment:
+      - TZ: "${PH_TIMEZONE}"
+      - WEBPASSWORD: "${PH_WEPASSWORD}"
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=traefik-proxy
+      ### Section HTTP
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
+      # redirect to HTTPS only
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
+      ### Section HTTPS
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
+      # configure the exposed service
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
+      # of course, enable TLS and it's certificate provider
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=true
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=letsencrypt
+      # specify a service so a custom port can be used
+      - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=${TRAEFIK_SERVICE_PORT}
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "67:67/udp"
+    volumes:
+      - ./data/pihole:/etc/pihole/
+      - ./data/dnsmasq.d:/etc/dnsmasq.d/
+
+networks:
+  traefik-proxy:
+    external: true
+    name: ${TRAEFIK_NETWORK}
diff --git a/env.example b/env.example
new file mode 100644
index 0000000..a0a897c
--- /dev/null
+++ b/env.example
@@ -0,0 +1,9 @@
+PH_IMAGE=pihole/pihole:latest
+PH_CONTAINER_NAME=pihole
+PH_TIMEZONE=Europe/Rome
+PH_WEBPASSWORD=admin
+TRAEFIK_MATCHRULE=pihole.mydomain.com
+TRAEFIK_ROUTER=pihole_mydomain_com
+TRAEFIK_SERVICE=pihole_mydomain_com
+TRAEFIK_SERVICE_PORT=80
+TRAEFIK_NETWORK=traefik-proxy