diff --git a/traefik/docker-compose-global.yml b/traefik/docker-compose-global.yml
new file mode 100644
index 0000000..273336a
--- /dev/null
+++ b/traefik/docker-compose-global.yml
@@ -0,0 +1,49 @@
+services:
+  traefik:
+    image: traefik:v3.1
+    container_name: ${TRAEFIK_NAME:-traefik}
+    restart: unless-stopped
+
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+
+      # Optional: Let's Encrypt
+      - "--certificatesresolvers.le.acme.httpchallenge=true"
+      - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL:-admin@example.com}"
+      - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
+
+      # Dashboard
+      - "--api.dashboard=true"
+
+    ports:
+      - "${TRAEFIK_HTTP_PORT:-80}:80"
+      - "${TRAEFIK_HTTPS_PORT:-443}:443"
+      - "${TRAEFIK_DASHBOARD_PORT:-8080}:8080"
+
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "traefik_letsencrypt:/letsencrypt"
+
+    networks:
+      - proxy
+
+    labels:
+      - "traefik.enable=true"
+
+      # Dashboard über HTTPS
+      - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST:-traefik.local}`)"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.tls.certresolver=le"
+
+volumes:
+  traefik_letsencrypt:
+
+networks:
+  proxy:
+    name: proxy
+    driver: bridge