diff --git a/host_vars/unhb4/unhb4.yml b/host_vars/unhb4/unhb4.yml
index 4267421..beaa2f2 100644
--- a/host_vars/unhb4/unhb4.yml
+++ b/host_vars/unhb4/unhb4.yml
@@ -64,6 +64,8 @@ firewall_ports:
   - 64738/udp # Mumble
   - 21117/tcp # Rustdesk
 
+traefik_container_name: "traefik"
+
 version:
   authentik: "2023.10.3"
   element_web: "latest"
diff --git a/roles/authentik_docker/tasks/main.yml b/roles/authentik_docker/tasks/main.yml
index deefd9b..203f2c3 100644
--- a/roles/authentik_docker/tasks/main.yml
+++ b/roles/authentik_docker/tasks/main.yml
@@ -3,7 +3,8 @@
 - name: "Install dependencies"
   ansible.builtin.apt:
     pkg:
-      - docker.io
+      - docker-ce
+      - apparmor
 
 - name: "Create directory for Authentik with Docker"
   ansible.builtin.file:
diff --git a/roles/authentik_docker/templates/authentik-server-docker.service.j2 b/roles/authentik_docker/templates/authentik-server-docker.service.j2
index 4aa0d5e..83801c9 100644
--- a/roles/authentik_docker/templates/authentik-server-docker.service.j2
+++ b/roles/authentik_docker/templates/authentik-server-docker.service.j2
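Review bot: `traefik_container_name` is introduced as a flat variable while the other roles touched by this commit address their containers through the nested `container_names.<role>.<name>` mapping (`container_names.authentik.server`, `container_names.element_web.element_web`), and the Docker network name `traefik` is hard-coded in three unit templates rather than defined here. Adding `traefik_network_name: "traefik"` next to the container name and referencing it from the units keeps the two names together and stops the three copies from drifting apart.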
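Review bot: `docker-ce` is not in the default Debian/Ubuntu repositories, and nothing in this commit configures Docker's apt repository or its signing key, so the `Install dependencies` task fails on a stock host unless some role outside this diff has already added the repository. Add a task before the apt call that installs the repository with a pinned key (for example `ansible.builtin.deb822_repository` with `signed_by:` pointing at the vendored key file) rather than relying on pre-existing host state; pinning the key also keeps the upstream package source under the playbook's control. The same `docker.io` → `docker-ce` change appears in `roles/element_web_docker/tasks/main.yml` and in the new `roles/traefik_docker/tasks/main.yml`.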
@@ -8,11 +8,15 @@ ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }}
 ExecStartPre=-/usr/bin/docker pull ghcr.io/goauthentik/server:{{ version.authentik }}
 ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \
   --network authentik_net --publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443 \
+  --label "traefik.enable=true" --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`)" \
+  --label "traefik.http.routers.authentik.entrypoints=websecure" \
+  --label "traefik.http.routers.authentik.tls.certresolver=letsencrypt" \
+  --label "traefik.http.services.authentik.loadbalancer.server.port=9000" \
   --env-file {{ docker_volumes_dir }}/authentik/authentik.env \
   -v {{ docker_volumes_dir }}/authentik/media:/media \
   -v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
   ghcr.io/goauthentik/server:{{ version.authentik }} server
-ExecStartPost=/usr/bin/bash -c "/bin/sleep 120 && /usr/bin/docker network connect nginx_net {{ container_names.authentik.server }}"
+ExecStartPost=/usr/bin/bash -c "/bin/sleep 120 && /usr/bin/docker network connect traefik {{ container_names.authentik.server }}"
 ExecStop=-/usr/bin/docker stop {{ container_names.authentik.server }}
 Restart=always
 RestartSec=60s
diff --git a/roles/element_web_docker/tasks/main.yml b/roles/element_web_docker/tasks/main.yml
index 6b9e4e0..ea69bbf 100644
--- a/roles/element_web_docker/tasks/main.yml
+++ b/roles/element_web_docker/tasks/main.yml
@@ -3,7 +3,8 @@
 - name: "Install dependencies"
   ansible.builtin.apt:
     pkg:
-      - docker.io
+      - docker-ce
+      - apparmor
 
 - name: "Create directory for Element Web with Docker"
   ansible.builtin.file:
diff --git a/roles/element_web_docker/templates/element-web-docker.service.j2 b/roles/element_web_docker/templates/element-web-docker.service.j2
index 8bc8379..8cd36e0 100644
--- a/roles/element_web_docker/templates/element-web-docker.service.j2
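Review bot: The authentik container ends up on two Docker networks (`authentik_net` from `--network`, and `traefik` via the ExecStartPost connect), but no `traefik.docker.network` label is set; Traefik's Docker provider documents that with several networks it may pick either address, so the router can intermittently point at the `authentik_net` IP that Traefik cannot reach. Add `--label "traefik.docker.network=traefik" \` alongside the other labels. Note also that the labels are visible to Traefik from the moment the container starts, while the `traefik` network is only joined after the 120 s sleep, so expect routing errors for that window on every restart; a healthcheck-based wait, or starting on the `traefik` network and connecting `authentik_net` afterwards, would close it.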
+++ b/roles/element_web_docker/templates/element-web-docker.service.j2
@@ -6,14 +6,18 @@ Requires=docker.service
 [Service]
 ExecStartPre=-/usr/bin/docker rm --force {{ container_names.element_web.element_web }}
 ExecStart=/usr/bin/docker run --rm --name {{ container_names.element_web.element_web }} \
-  --network nginx_net --env-file {{ docker_volumes_dir }}/element_web/element_web.env \
+  --network traefik --env-file {{ docker_volumes_dir }}/element_web/element_web.env \
+  --label "traefik.enable=true" --label "traefik.http.routers.element.rule=Host(`chat.un-hack-bar.de`)" \
+  --label "traefik.http.routers.element.entrypoints=websecure" \
+  --label "traefik.http.routers.element.tls.certresolver=letsencrypt" \
+  --label "traefik.http.services.element.loadbalancer.server.port=80" \
+  --env-file {{ docker_volumes_dir }}/element_web/element_web.env \
   -v {{ docker_volumes_dir }}/element_web/config/config.json:/app/config.json:ro \
   -v {{ docker_volumes_dir }}/element_web/config/unhb.png:/app/unhb.png:ro \
   vectorim/element-web:{{ version.element_web }}
 ExecStop=-/usr/bin/docker stop {{ container_names.element_web.element_web }}
 Restart=always
 RestartSec=60s
-TimeoutRestartSec=60s
 Type=exec
 
 [Install]
diff --git a/roles/pretix_docker/templates/pretix.service.j2 b/roles/pretix_docker/templates/pretix.service.j2
index cb7c68b..7364596 100644
--- a/roles/pretix_docker/templates/pretix.service.j2
+++ b/roles/pretix_docker/templates/pretix.service.j2
@@ -13,7 +13,7 @@ ExecStart=/usr/bin/docker run --rm --name {{ pretix_container_name }} --network
   -v {{ docker_volumes_dir }}/pretix/conf:/etc/pretix \
   pretix/standalone:stable
 ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect nginx_net {{ pretix_container_name }}"
-ExecStop=/usr/bin/docker stop {{ watchtower_container_name }}
+ExecStop=/usr/bin/docker stop {{ pretix_container_name }}
 Restart=always
 RestartSec=15s
 Type=exec
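Review bot: The added `--env-file {{ docker_volumes_dir }}/element_web/element_web.env \` line duplicates the `--env-file` that is already passed on the rewritten `--network traefik` line directly above it, so the same file is handed to `docker run` twice. Docker tolerates the repetition, but it reads as a leftover from copying the label block out of the authentik unit; drop the second copy. Unlike the authentik unit, this container sits only on the `traefik` network, so no `traefik.docker.network` label is needed here.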
diff --git a/roles/traefik_docker/handlers/main.yml b/roles/traefik_docker/handlers/main.yml
new file mode 100644
index 0000000..722da86
--- /dev/null
+++ b/roles/traefik_docker/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: restart-traefik-docker
+  ansible.builtin.service:
+    state: restarted
+    name: traefik.service
+  tags: molecule-notest
diff --git a/roles/traefik_docker/tasks/main.yml b/roles/traefik_docker/tasks/main.yml
new file mode 100644
index 0000000..e4b8373
--- /dev/null
+++ b/roles/traefik_docker/tasks/main.yml
@@ -0,0 +1,78 @@
+---
+
+- name: "Install dependencies"
+  ansible.builtin.apt:
+    pkg:
+      - docker-ce
+      - apparmor
+
+- name: "Create directory for Traefik"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+  with_items:
+    - "{{ docker_volumes_dir }}/traefik"
+
+#- name: "Ensure Pretix has access to its files"
+#  ansible.builtin.file:
+#    path: "{{ item }}"
+#    state: file
+#    owner: 15371
+#    group: 15371
+#    mode: '0600'
+#  with_items:
+#    - "{{ docker_volumes_dir }}/pretix/data/.secret"
+
+#- name: "Template .env files for Pretix"
+#  ansible.builtin.template:
+#    src: "{{ item }}.j2"
+#    dest: "{{ docker_volumes_dir }}/pretix/{{ item }}"
+#    force: true
+#    owner: root
+#    group: root
+#    mode: '0660'
+#  with_items:
+#    - pretix.env
+#    - pretix-db.env
+#  notify: restart-pretix-docker
+
+#- name: "Template Config for Pretix"
+#  ansible.builtin.template:
+#    src: "{{ item }}.j2"
+#    dest: "{{ docker_volumes_dir }}/pretix/conf/{{ item }}"
+#    force: true
+#    owner: 15371
+#    group: 15371
+#    mode: '0640'
+#  with_items:
+#    - pretix.cfg
+#  notify: restart-pretix-docker
+
+- name: "Template systemd unit files for Traefik"
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "/etc/systemd/system/{{ item }}"
+    force: true
+    owner: root
+    group: root
+    mode: '0644'
+  with_items:
+    - traefik.service
+  register: unit
+  notify: restart-traefik-docker
+
+- name: "Reload systemd units"
+  ansible.builtin.systemd:
+    daemon_reload: yes
+  when: unit.changed
+
+- name: "Enable systemd units for Pretix"
+  ansible.builtin.systemd:
+    state: started
+    enabled: true
+    name: "{{ item }}"
+  with_items:
+    - traefik.service
diff --git a/roles/traefik_docker/templates/traefik.service.j2 b/roles/traefik_docker/templates/traefik.service.j2
new file mode 100644
index 0000000..2eaa3c4
--- /dev/null
+++ b/roles/traefik_docker/templates/traefik.service.j2
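Review bot: The role only creates `{{ docker_volumes_dir }}/traefik`, yet the unit it installs bind-mounts `traefik.toml`, `traefik_dynamic.toml` and `letsencrypt/` from that directory and no task here templates or copies them; if they are absent when the unit first starts, Docker creates empty directories at those host paths and Traefik comes up without the intended configuration (unless the files are provisioned by hand or by a role outside this diff). Add template tasks for the two toml files that `notify: restart-traefik-docker`, and a file task for `letsencrypt/` with `mode: '0700'`, since the ACME store that ends up in it holds certificate private keys. The three commented-out Pretix blocks and the final task name `"Enable systemd units for Pretix"` are copy-paste leftovers from the pretix role: delete the dead blocks and rename the task to `"Enable systemd units for Traefik"`. `daemon_reload: yes` should be the canonical boolean `daemon_reload: true`.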
@@ -0,0 +1,18 @@
+[Unit]
+Description=Traefik with Docker
+After=docker.service
+Requires=docker.service
+
+[Service]
+ExecStartPre=-/usr/bin/docker rm --force {{ traefik_container_name }}
+ExecStart=/usr/bin/docker run --rm --name {{ traefik_container_name }} \
+  -v /var/run/docker.sock:/var/run/docker.sock -v {{ docker_volumes_dir }}/traefik/traefik.toml:/traefik.toml \
+  -v {{ docker_volumes_dir }}/traefik/traefik_dynamic.toml:/traefik_dynamic.toml -v {{ docker_volumes_dir }}/traefik/letsencrypt/:/letsencrypt \
+  -p 80:80 -p 443:443 -p 8448:8448 --network traefik traefik:v2.10.5
+ExecStop=/usr/bin/docker stop {{ traefik_container_name }}
+Restart=always
+RestartSec=15s
+Type=exec
+
+[Install]
+WantedBy=multi-user.target
diff --git a/site.yml b/site.yml
index beabc48..f756403 100644
--- a/site.yml
+++ b/site.yml
@@ -18,8 +18,8 @@
   remote_user: root
   roles:
-    - watchtower_docker
-    - pretix_docker
+    - watchtower_docker # Needs changes when migrating to Traefik
+    - pretix_docker # Needs changes when migrating to Traefik
 
 - name: Set up roles on unhb4
   hosts: unhb4
@@ -28,3 +28,4 @@
   roles:
     - authentik_docker
     - element_web_docker
+    - traefik_docker
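Review bot: `-v /var/run/docker.sock:/var/run/docker.sock` gives the Traefik container unrestricted access to the Docker daemon, which is equivalent to root on the host should the internet-facing proxy be compromised; a `:ro` suffix does not help here because the restriction applies to the socket file, not to the API calls made over it. The usual mitigation is to put a socket proxy between them that only permits read access to the containers endpoint and to point Traefik's Docker provider at that proxy, together with `exposedByDefault = false` in `traefik.toml` so only explicitly labelled containers are published (the toml files are not part of this commit, so that setting should be checked there). Separately, `--network traefik` assumes the network already exists and nothing in this diff creates it; an additional `ExecStartPre=-/usr/bin/docker network create traefik` (the leading `-` tolerates the network already being present) makes the unit self-contained.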
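Review bot: `traefik_docker` is appended after `authentik_docker` and `element_web_docker` in the unhb4 play, but after this commit both of those roles start containers that join the `traefik` network and are reached only through the proxy, so on a fresh host their units are enabled and started before the Traefik unit has been installed. Listing `traefik_docker` first in the play removes the need for a second run, assuming the `traefik` network is created by the Traefik unit or another role, since nothing in this diff creates it.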