diff --git a/homelab/jafner-tools/config/traefik/config/middlewares.yaml b/homelab/jafner-tools/config/traefik/config/middlewares.yaml
new file mode 100644
index 00000000..acfa9e17
--- /dev/null
+++ b/homelab/jafner-tools/config/traefik/config/middlewares.yaml
@@ -0,0 +1,27 @@
+http:
+ middlewares:
+ lan-only:
+ ipWhiteList:
+ sourceRange:
+ - "127.0.0.1/32"
+ - "192.168.1.1/24"
+ securityheaders:
+ headers:
+ customResponseHeaders:
+ X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
+ server: ""
+ sslProxyHeaders:
+ X-Forwarded-Proto: https
+ referrerPolicy: "same-origin"
+ hostsProxyHeaders:
+ - "X-Forwarded-Host"
+ customRequestHeaders:
+ X-Forwarded-Proto: "https"
+ X-Scheme: https
+ contentTypeNosniff: true
+ browserXssFilter: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsSeconds: 63072000
+ stsPreload: true
+
diff --git a/homelab/jafner-tools/config/traefik/config/traefik_api.yaml b/homelab/jafner-tools/config/traefik/config/traefik_api.yaml
new file mode 100644
index 00000000..fe3f3de7
--- /dev/null
+++ b/homelab/jafner-tools/config/traefik/config/traefik_api.yaml
@@ -0,0 +1,8 @@
+http:
+ routers:
+ api:
+ rule: "Host(`traefik.jafner.tools`)"
+ entryPoints: "websecure"
+ service: "api@internal"
+ tls:
+ certResolver: "lets-encrypt"
\ No newline at end of file
diff --git a/homelab/jafner-tools/config/traefik/docker-compose.yml b/homelab/jafner-tools/config/traefik/docker-compose.yml
index de1a18e0..6368c3ad 100644
--- a/homelab/jafner-tools/config/traefik/docker-compose.yml
+++ b/homelab/jafner-tools/config/traefik/docker-compose.yml
@@ -11,7 +11,8 @@ services:
 - 443:443
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
- - ./traefik.toml:/traefik.toml
+ - ./traefik.yaml:/traefik.yaml
+ - ./config:/config
 - $DOCKER_DATA/acme.json:/acme.json
 networks:
 web:
diff --git a/homelab/jafner-tools/config/traefik/traefik.toml b/homelab/jafner-tools/config/traefik/traefik.toml
deleted file mode 100644
index d5040652..00000000
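Review bot: The `lan-only` allowlist entry `"192.168.1.1/24"` has host bits set; it is presumably meant as the whole LAN and would read unambiguously as `- "192.168.1.0/24"`. The allowlist is matched against the connecting peer address unless `ipStrategy` is configured, so it is worth confirming that Traefik actually sees real client addresses behind Docker's port publishing before relying on it. In `securityheaders`, `stsPreload: true` with `stsIncludeSubdomains: true` and a two-year `stsSeconds` pins every subdomain of any host the middleware is applied to HTTPS-only in browsers, which is slow to undo; a comment above those keys stating that this is intended would help. `browserXssFilter` only emits the legacy X-XSS-Protection header, which current browsers ignore, and could be dropped.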
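Review bot: The `api` router publishes `api@internal` on `websecure` with no `middlewares` key, so the dashboard and API are served unauthenticated to anyone who can reach `traefik.jafner.tools` on 443. The `lan-only` middleware added in middlewares.yaml in this same commit is not attached to anything in the visible hunks; adding `middlewares: ["lan-only", "securityheaders"]` under the router, ideally together with a basicAuth or forward-auth middleware, would restrict it. `entryPoints` is documented as a list, so `entryPoints: ["websecure"]` is the safer form than the bare string.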
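Review bot: The two new bind mounts are writable from inside the container, unlike the docker.sock mount just above them, which carries `:ro`. Traefik only reads its static and dynamic configuration, so `- ./traefik.yaml:/traefik.yaml:ro` and `- ./config:/config:ro` would keep a compromised proxy process from rewriting its own routers or middleware definitions. The service definition starts and ends outside this hunk.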
--- a/homelab/jafner-tools/config/traefik/traefik.toml
+++ /dev/null
@@ -1,18 +0,0 @@
-[entryPoints]
- [entryPoints.web]
- address = ":80"
- [entryPoints.web.http.redirections.entryPoint]
- to = "websecure"
- scheme = "https"
- [entryPoints.websecure]
- address = ":443"
-
-[certificatesResolvers.lets-encrypt.acme]
- email = "jafner425@gmail.com"
- storage = "acme.json"
- caServer = "https://acme-v02.api.letsencrypt.org/directory"
- [certificatesResolvers.lets-encrypt.acme.tlsChallenge]
-
-[providers.docker]
- watch = true
- network = "web"
diff --git a/homelab/jafner-tools/config/traefik/traefik.yaml b/homelab/jafner-tools/config/traefik/traefik.yaml
new file mode 100644
index 00000000..111b33e5
--- /dev/null
+++ b/homelab/jafner-tools/config/traefik/traefik.yaml
@@ -0,0 +1,28 @@
+entryPoints:
+ web:
+ address: :80
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+ websecure:
+ address: :443
+
+certificatesResolvers:
+ lets-encrypt:
+ acme:
+ email: jafner425@gmail.com
+ storage: acme.json
+ tlsChallenge: {}
+
+api:
+ insecure: true
+ dashboard: true
+
+providers:
+ docker:
+ watch: true
+ network: web
+ file:
+ directory: /config
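Review bot: `api.insecure: true` makes Traefik serve the dashboard and API without authentication on its own `traefik` entry point (port 8080 by default), in addition to the `api` router this commit adds in traefik_api.yaml. Port 8080 is not among the published ports visible in the compose hunk, but the listener would still be reachable from other containers on the `web` network; `insecure: false` leaves the dashboard reachable only through the router, where middlewares can be applied. The docker provider also leaves `exposedByDefault` at its default, so every container gets a router unless it opts out; `exposedByDefault: false` under `providers.docker` is the safer setting. The removed TOML set `caServer` explicitly and the new file does not, which should be harmless if the default ACME endpoint is the intended one.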