diff --git a/frontend/traefik/.env.example b/frontend/traefik/.env.example
index fbd4bd4..3f125aa 100644
--- a/frontend/traefik/.env.example
+++ b/frontend/traefik/.env.example
@@ -1,5 +1,8 @@
+DOMAIN_NAME=
+SUBDOMAIN=
 TRAEFIK_USER=
-SSL_EMAIL=
-CF_API_EMAIL=
-CF_API_KEY=
+SSL_EMAIL_FILE=/run/secrets/CF_API_EMAIL
+CF_API_EMAIL_FILE=/run/secrets/CF_API_EMAIL
+CF_API_KEY_FILE=/run/secrets/CF_API_KEY
+SSH_PORT=
 TZ=
\ No newline at end of file
diff --git a/frontend/traefik/compose.yml b/frontend/traefik/compose.yml
index ef8052c..c76a11d 100644
--- a/frontend/traefik/compose.yml
+++ b/frontend/traefik/compose.yml
@@ -4,11 +4,13 @@ services: container_name: ${SUBDOMAIN} restart: always command: + # General settings - "--log.level=DEBUG" - "--api.insecure=false" - "--api.dashboard=true" - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" + # EntryPoints configuration - "--entrypoints.web.address=:80" - "--entrypoints.web.http.redirections.entrypoint.to=websecure" - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
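Review bot: `SSL_EMAIL_FILE=/run/secrets/CF_API_EMAIL` points at the Cloudflare e-mail secret rather than a secret of its own, and the compose.yml in this patch declares no `SSL_EMAIL` secret and never references `SSL_EMAIL_FILE`, so the line looks like a copy-paste slip or a dead variable. If it is still read somewhere outside this diff, give it its own file (`SSL_EMAIL_FILE=/run/secrets/SSL_EMAIL`, declared under `secrets:`); otherwise drop it so the template does not suggest the two values are interchangeable. An ACME contact address is not a credential, so a plain `SSL_EMAIL=` value in the example would also be the simpler choice.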
@@ -18,41 +20,55 @@ services: - "--entrypoints.websecure.http.tls.certresolver=cloudflare" - "--entrypoints.websecure.http.tls.domains[0].main=${DOMAIN_NAME}" - "--entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN_NAME}" + - "--entrypoints.ssh.address=:${SSH_PORT}" + # Cloudflare IPs trusted for forwarded headers - "--entryPoints.web.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22" - "--entryPoints.websecure.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22" - "--certificatesresolvers.cloudflare.acme.dnschallenge=true" - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare" - - "--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL}" + - "--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL_FILE}" - "--certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json" labels: - traefik.enable=true - - traefik.http.routers.traefik_dashboard.rule=Host(`traefik.jojops.com`) - # - traefik.http.routers.traefik_dashboard.rule=Host(`traefik.jojops.com`) && PathPrefix(`/outpost.goauthentik.io/`) + - traefik.http.routers.traefik_dashboard.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`) + # - traefik.http.routers.traefik_dashboard.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`) && PathPrefix(`/outpost.goauthentik.io/`) - traefik.http.routers.traefik_dashboard.entrypoints=websecure - traefik.http.routers.traefik_dashboard.service=api@internal - traefik.http.routers.traefik_dashboard.tls=true - traefik.http.middlewares.myauth.basicauth.users=${TRAEFIK_USER} - # - 
traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$46.RmdYB$$Rx33ChqUskl4PF1ZqSXYV1 - # - traefik.http.routers.traefik_dashboard.middlewares=myauth@docker - - traefik.http.routers.traefik_dashboard.middlewares=authentik-forwardauth@docker + - traefik.http.routers.traefik_dashboard.middlewares=myauth@docker + # - traefik.http.routers.traefik_dashboard.middlewares=authentik-forwardauth@docker - traefik.http.routers.traefik_dashboard.tls.certresolver=cloudflare - # - traefik.http.routers.traefik-secure.tls.domains[0].main=jojops.com - # - traefik.http.routers.traefik-secure.tls.domains[0].sans=*.jojops.com + # - traefik.http.routers.traefik-secure.tls.domains[0].main=${DOMAIN_NAME} + # - traefik.http.routers.traefik-secure.tls.domains[0].sans=*.${DOMAIN_NAME} # - traefik.http.middlewares.myauth.redirectscheme.scheme=https - traefik.http.services.traefik_dashboard.loadbalancer.server.port=80 # - "traefik.http.middlewares.cloudflare-ips.ipallowlist.sourcerange=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32" env_file: - .env + secrets: + - SSH_PORT + - CF_API_KEY + - CF_API_EMAIL volumes: - ./traefik_data:/letsencrypt - /var/run/docker.sock:/var/run/docker.sock:ro ports: - "80:80" - "443:443" + - "558:558" networks: - frontend - webapp - mgmt + - remote +secrets: + SSH_PORT: + file: .secrets/SSH_PORT + CF_API_KEY: + file: .secrets/CF_API_KEY + CF_API_EMAIL: + file: .secrets/CF_API_EMAIL networks: frontend: external: @@ -63,3 +79,6 @@ networks: mgmt: external: true + remote: + external: + true
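Review bot: `--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL_FILE}` expands to the literal path `/run/secrets/CF_API_EMAIL` taken from .env, because Compose substitutes the variable's value and Traefik does not dereference `_FILE` paths for the `acme.email` flag; the `_FILE` convention is honoured only for the DNS-provider credential environment variables (`CF_API_EMAIL_FILE`, `CF_API_KEY_FILE`), so account registration will likely fail or be tied to an unreachable contact. The address is not a secret, so keep it as a plain variable: `- "--certificatesresolvers.cloudflare.acme.email=${ACME_EMAIL}"` with `ACME_EMAIL=` added to .env. Separately, the new `ssh` entrypoint listens on `:${SSH_PORT}` while `ports:` publishes a hard-coded `"558:558"`, so the two silently diverge whenever `SSH_PORT` is not 558; `- "${SSH_PORT}:${SSH_PORT}"` keeps them in step. The `SSH_PORT` Docker secret also duplicates the .env value and nothing visible here reads `/run/secrets/SSH_PORT`, so it can probably be removed.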