diff --git a/docker-compose.yml b/docker-compose.yml
index a4a4038..2742b5b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,21 +5,25 @@ services:
 image: traefik:v2.5
 container_name: traefik
 command:
- - "--api.insecure=true" # Enable Traefik dashboard (ensure security for production)
- - "--log.level=DEBUG" # Enable DEBUG level logs
- - "--accesslog" # Enable access logs
- - "--entrypoints.web.address=:80" # Listen on port 80 (HTTP)
- - "--entrypoints.websecure.address=:443" # Listen on port 443 (HTTPS)
+ - "--api.insecure=true"
+ - "--log.level=DEBUG"
+ - "--accesslog"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443" # Still listen on 443, but traffic will be HTTP after passing through AEZA
+ - "--entrypoints.websecure.http.middlewares=ssl-redirect" # Redirect HTTP to HTTPS if required
 ports:
- - "80:80" # Expose HTTP port 80
- - "443:443" # Expose HTTPS port 443
- - "8080:8080" # Traefik Dashboard (ensure to secure this in production)
+ - "80:80" # Expose port 80 for HTTP
+ - "443:443" # Expose port 443 for HTTPS (AEZA will handle SSL termination)
+ - "8080:8080" # Traefik dashboard, ensure it's secure if exposed
 volumes:
- - "/var/run/docker.sock:/var/run/docker.sock" # Allow Traefik to interact with Docker
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ - "/path/to/acme.json:/acme.json" # Path to store Let's Encrypt certs (if using)
 networks:
 - web
 labels:
 - "traefik.enable=true"
+ - "traefik.http.routers.dashboard.rule=Host(`dash.embermarket.app`)"
+ - "traefik.http.services.dashboard.loadbalancer.server.port=3000"
 nextjs-app:
 build:
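Review bot: `--api.insecure=true` is kept on the new side together with the published `"8080:8080"` port, so the Traefik API and dashboard stay reachable without authentication on that port, and the change drops the comment that flagged this for production. Prefer `--api.dashboard=true`, remove the `"8080:8080"` mapping, and serve the dashboard only through a router with `traefik.http.routers.dashboard.service=api@internal` behind an authentication middleware. The two added `dashboard` labels sit on the traefik container and point at port 3000, which nothing in this hunk shows Traefik listening on; if they are meant for nextjs-app they belong on that service. `--entrypoints.websecure.http.middlewares=ssl-redirect` names a middleware that the visible lines do not define (entrypoint references normally carry the provider suffix, e.g. `ssl-redirect@docker`), and an HTTPS redirect on an entrypoint that receives plain HTTP from the upstream TLS terminator may loop. The traefik service block starts above the hunk, so a middleware or auth definition may exist outside the visible lines.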