diff --git a/docker-compose.yml b/docker-compose.yml
index e9358a8..2e4ac20 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,41 +1,61 @@
 services:
-  db:
+  database:
     image: postgres:16-alpine
-    container_name: wishlist-db
+    container_name: wishlist-postgres
+    restart: unless-stopped
     environment:
-      POSTGRES_USER: wishlistuser
-      POSTGRES_PASSWORD: wishlistpassword
-      POSTGRES_DB: wishlist
-    ports:
-      - "5432:5432"
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
     volumes:
-      - postgres_data:/var/lib/postgresql/data
+      - /mnt/HC_Volume_102830676/wishlist:/var/lib/postgresql/data
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U wishlistuser -d wishlist"]
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
       interval: 10s
       timeout: 5s
       retries: 5
+    networks:
+      - wishlist-net
 
   app:
     build:
       context: .
       dockerfile: Dockerfile
     container_name: wishlist-app
+    restart: unless-stopped
     environment:
-      DATABASE_URL: postgresql://wishlistuser:wishlistpassword@db:5432/wishlist
+      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database:5432/${POSTGRES_DB}
       NODE_ENV: production
       PORT: 3000
-      AUTH_SECRET: ${AUTH_SECRET:-change-me-in-production}
-      AUTH_URL: ${AUTH_URL:-http://localhost:3000}
-      AUTH_TRUST_HOST: true
+      AUTH_SECRET: ${AUTH_SECRET}
+      AUTH_URL: ${AUTH_URL}
+      AUTH_TRUST_HOST: "true"
       GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:-}
       GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:-}
-    ports:
-      - "3000:3000"
+      AUTHENTIK_CLIENT_ID: ${AUTHENTIK_CLIENT_ID:-}
+      AUTHENTIK_CLIENT_SECRET: ${AUTHENTIK_CLIENT_SECRET:-}
+      AUTHENTIK_ISSUER: ${AUTHENTIK_ISSUER:-}
     depends_on:
-      db:
+      database:
         condition: service_healthy
-    restart: unless-stopped
+    networks:
+      - wishlist-net
+      - traefik-net
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=traefik-net
+      # HTTPS router
+      - traefik.http.routers.wishlist.rule=Host(`wish.rasmusq.com`)
+      - traefik.http.routers.wishlist.entrypoints=websecure
+      - traefik.http.routers.wishlist.tls.certresolver=letsencrypt
+      # Forward headers for Auth.js
+      - traefik.http.routers.wishlist.middlewares=wishlist-headers
+      - traefik.http.middlewares.wishlist-headers.headers.customRequestHeaders.X-Forwarded-Proto=https
+      - traefik.http.middlewares.wishlist-headers.headers.customRequestHeaders.X-Forwarded-Host=wish.rasmusq.com
+      - traefik.http.services.wishlist.loadbalancer.server.port=3000
 
-volumes:
-  postgres_data:
+networks:
+  wishlist-net:
+    name: wishlist-net
+  traefik-net:
+    external: true