diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml
index 03bc851..cd1ffce 100644
--- a/roles/traefik/defaults/main.yml
+++ b/roles/traefik/defaults/main.yml
@@ -1,5 +1,9 @@
 traefik_name: traefik
 traefik_version: latest
-traefik_port: 8000
-traefik_admin_port: 8080
-traefik_domain: localhost
+traefik_options:
+  - "--providers.docker"
+  - "--providers.docker.exposedbydefault=false"
+  - "--entrypoints.web.address=:80"
+  - "--api=true"
+traefik_ports:
+  - "80:80"
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index 919edf5..ea7fc61 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -1,12 +1,23 @@
+- name: Create traefik network
+  docker_network:
+    name: traefik-net
+
 - name: Start Traefik container
   docker_container:
     name: "{{ traefik_name }}"
     image: traefik:{{ traefik_version }}
-    command: --api.insecure=true --providers.docker --providers.docker.exposedbydefault=false
+    command: "{{ traefik_options }}"
     state: started
     restart_policy: always
-    ports:
-      - "{{ traefik_port }}:80"
-      - "{{ traefik_admin_port }}:8080"
+    ports: "{{ traefik_ports }}"
+    networks_cli_compatible: "false"
+    networks:
+      - name: "traefik-net"
+    labels:
+      traefik.http.routers.traefik.rule: "Host(`{{ traefik_domain }}`)"
+      traefik.http.routers.traefik.service: "api@internal"
+      traefik.http.middlewares.traefik.basicauth.users: "{{ traefik_auth }}"
+      traefik.docker.network: "proxy_traefik-net"
+      traefik.enable: "true"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock