diff --git a/docker-compose.yml b/docker-compose.yml
index 7f75805..17c64d0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,8 +7,36 @@ services:
       - ${Z2M_DEVICE}:/dev/z2m_usb_device
     environment:
       - TZ=${Z2M_TIMEZONE}
+    labels:
+      - traefik.enable=${TRAEFIK_ENABLED}
+      - traefik.docker.network=${TRAEFIK_NETWORK}
+      ### Section HTTP
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
+      # redirect to HTTPS only
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
+      ### Section HTTPS
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
+      # configure the exposed service
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=hsts
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
+      # of course, enable TLS and it's certificate provider
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=${TRAEFIK_TLSENABLED}
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=${TRAEFIK_CERTRESOLVER}
+      # specify a service so a custom port can be used
+      - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=${TRAEFIK_SERVICE_PORT}
+      ### Section DIUN
+      - diun.enable=${DIUN_ENABLE}
+      - diun.watch_repo=${DIUN_WATCHREPO}
+      - diun.sort_tags=${DIUN_SORTALGO}
+      - diun.include_tags=${DIUN_INCLUDE}
+      - diun.exclude_tags=${DIUN_EXCLUDE}
+    networks:
+      - traefik
     volumes:
       - ${Z2M_DATA}:/app/data
       - /run/udev:/run/udev:ro
-    ports:
-      - 8080:8080
+networks:
+  traefik:
+    external: true
+    name: ${TRAEFIK_NETWORK}
diff --git a/env.example b/env.example
index 1b2801c..7f2380b 100644
--- a/env.example
+++ b/env.example
@@ -1,4 +1,22 @@
+# zigbee2mqtt
 Z2M_VERSION=1.25.2
 Z2M_DATA=./data
 Z2M_DEVICE=/dev/ttyUSB0
 Z2M_TIMEZONE=Europe/Rome
+
+# Træfik
+TRAEFIK_ENABLED=true
+TRAEFIK_NETWORK=traefik
+TRAEFIK_MATCHRULE=zigbee2mqtt.example.com
+TRAEFIK_ROUTER=zigbee2mqtt_example_com
+TRAEFIK_SERVICE=zigbee2mqtt_example_com
+TRAEFIK_SERVICE_PORT=8080
+TRAEFIK_TLSENABLED=true
+TRAEFIK_CERTRESOLVER=letsencrypt
+
+# DIUN
+DIUN_ENABLE=true
+DIUN_WATCHREPO=true
+DIUN_SORTALGO=semver
+DIUN_INCLUDE=[0-9]\.[0-9]\.[0-9]
+DIUN_EXCLUDE=