diff --git a/README.md b/README.md
index 6b4fd38..9a6c19e 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,11 @@ https://github.com/matusnovak/homelab ## Traefik +Avant de lancer les contenaires, il faut gérer les certificats + + mkcert -install + mkcert -key-file ./certs/local-key.pem -cert-file ./certs/local-cert.pem localdev 'docker.localdev' '*.docker.localdev' + ### Sources https://zestedesavoir.com/billets/3355/traefik-v2-https-ssl-en-localhost/
diff --git a/traefik/config.yml b/traefik/config.yml
new file mode 100755
index 0000000..be1934e
--- /dev/null
+++ b/traefik/config.yml
@@ -0,0 +1,16 @@
+# traefik/config.yml
+http:
+ routers:
+ traefik:
+ rule: "Host(`traefik.combava.lan`)"
+ service: "api@internal"
+ tls:
+ domains:
+ - main: "combava.lan"
+ sans:
+ - "*.combava.lan"
+
+tls:
+ certificates:
+ - certFile: "/etc/certs/local-cert.pem"
+ keyFile: "/etc/certs/local-key.pem"
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
new file mode 100755
index 0000000..f325fb2
--- /dev/null
+++ b/traefik/docker-compose.yml
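Review bot: In traefik/config.yml the router rule and `tls.domains` use `traefik.combava.lan` / `*.combava.lan`, but the mkcert command this commit adds to the README issues the certificate for `localdev`, `docker.localdev` and `*.docker.localdev`. The `local-cert.pem` loaded under `tls.certificates` would therefore not cover the routed hostnames, and clients would get a name mismatch. Either change the README command to `mkcert -key-file ./certs/local-key.pem -cert-file ./certs/local-cert.pem 'combava.lan' '*.combava.lan'` or move the hosts here to the `docker.localdev` names. The `traefik` router also publishes `api@internal` with no `middlewares`, so anyone who can reach :443 with that Host header sees the dashboard; an authentication or IP allow-list middleware on this router would close that. `./certs/local-key.pem` is a private key and nothing in the diff shows `certs/` being git-ignored, which is worth confirming.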
@@ -0,0 +1,52 @@
+# docker-compose.yml
+version: '3'
+
+services:
+ reverse-proxy:
+ image: traefik:v2.6
+ container_name: traefik
+ security_opt:
+ - no-new-privileges:true
+ ports:
+ # Web
+ - 80:80
+ - 443:443
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ # On map la conf statique dans le conteneur
+ - ./traefik.yml:/etc/traefik/traefik.yml:ro
+ # On map la conf dynamique statique dans le conteneur
+ - ./config.yml:/etc/traefik/config.yml:ro
+ # On map les certificats dans le conteneur
+ - ./certs:/etc/certs:ro
+ networks:
+ - gateway
+ labels:
+ # Permettre à ce conteneur d'être accessible par traefik
+ # Pour plus d'information, voir : https://docs.traefik.io/providers/docker/#exposedbydefault
+ - "traefik.enable=true"
+ # Utilise la configuration du routeur "traefik" définie dans le fichier de configuration dynamique : ./traefik/config.yml
+ - "traefik.http.routers.traefik=true"
+
+ whoami:
+ image: containous/whoami
+ container_name: whoami
+ security_opt:
+ - no-new-privileges:true
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.whoami.rule=Host(`whoami.combava.lan`)"
+ - "traefik.http.routers.whoami.tls=true"
+ - "traefik.http.routers.whoami.entrypoints=https"
+ # Si le port est différent de 80, utilisez le service suivant:
+ # - "traefik.http.services..loadbalancer.server.port="
+ - traefik.http.services.whoami.loadbalancer.server.port=80
+ networks:
+ - gateway
+
+
+networks:
+ gateway:
+ external: true
+
+
diff --git a/traefik/traefik.yml b/traefik/traefik.yml
new file mode 100755
index 0000000..0560181
--- /dev/null
+++ b/traefik/traefik.yml
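Review bot: The `/var/run/docker.sock:/var/run/docker.sock:ro` mount on `reverse-proxy` does not make the Docker API read-only. `:ro` only applies to the socket file, so a compromise of the network-facing Traefik container still gives full control of the Docker daemon, and `no-new-privileges:true` does not limit that. Consider placing a socket-proxy container between Traefik and the daemon that allows only the read-only list endpoints, and pointing `providers.docker.endpoint` at it over an internal network. `image: containous/whoami` has no tag and so resolves to `latest`; pin it to a tag or digest, as is done for `traefik:v2.6`. The port mappings are also safer quoted (`- "80:80"`, `- "443:443"`) so no YAML parser can retype them.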
@@ -0,0 +1,40 @@
+global:
+ sendAnonymousUsage: false
+
+api:
+ dashboard: true
+ insecure: true
+
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ watch: true
+ exposedByDefault: false
+
+ file:
+ filename: /etc/traefik/config.yml
+ watch: true
+
+log:
+ level: INFO
+ format: common
+
+entryPoints:
+ http:
+ address: ":80"
+ https:
+ address: ":443"
+
+http:
+ routers:
+ redirecttohttps:
+ entryPoints:
+ - "http"
+ middlewares:
+ - "httpsredirect"
+http:
+ middlewares:
+ httpsredirect:
+ redirectScheme:
+ scheme: https
+ permanent: true
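Review bot: `api.insecure: true` serves the dashboard and API unauthenticated on Traefik's internal `traefik` entry point (port 8080 by default). That port is not published in the compose file, but it would still be reachable from every container on the shared external `gateway` network; since traefik/config.yml already routes `api@internal` over TLS, `insecure: false` is the safer setting. The two `http:` blocks at the end are dynamic configuration placed in the static file, and the key is duplicated, so most YAML parsers keep only the last one. `redirecttohttps` also has no `rule` or `service`, so the HTTP→HTTPS redirect most likely never takes effect. An entry-point redirection in the static configuration does the same job without a router; the changed lines are below, with the trailing `http:` blocks removed.

```yaml
api:
  dashboard: true
  insecure: false
# … unchanged: providers, log …
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
# … unchanged: https entry point; trailing http: blocks removed …
```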