diff --git a/docker-compose.yml b/docker-compose.yml
index 6b6091d..437faad 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,8 +12,18 @@ name: immich
 services:
   immich-server:
     container_name: immich_server
+    networks:
+      - traefik-public
     labels:
       - "com.centurylinklabs.watchtower.monitor-only=true"
+      - "traefik.enable=true"
+      - "traefik.http.routers.immich.rule=Host(`immich.yourdomain.com`)"
+      - "traefik.http.routers.immich.entrypoints=websecure"
+      - "traefik.http.routers.immich.tls.certresolver=myresolver"
+      
+      # Pulling the security rules dynamically from our file provider setup
+      - "traefik.http.routers.immich.middlewares=geoblock-policy@file,crowdsec-policy@file,secure-headers@file"
+      - "traefik.http.services.immich.loadbalancer.server.port=2283"
     image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
     # extends:
     #   file: hwaccel.transcoding.yml
@@ -32,6 +42,8 @@ services:
     restart: always
     healthcheck:
       disable: false
+    traefik-public:
+        external: true
 
   immich-machine-learning:
     container_name: immich_machine_learning