diff --git a/traefik/data/config.yml b/traefik/data/config.yml
new file mode 100644
index 0000000..f2348e4
--- /dev/null
+++ b/traefik/data/config.yml
@@ -0,0 +1,66 @@
+http:
+ #region routers 
+  routers:
+    homeassistant:
+      entryPoints:
+        - "https"
+      rule: "Host(`hass.EXAMPLE.com`)"
+      middlewares:
+        - default-headers
+      tls: {}
+      service: homeassistant
+   
+
+#region services
+  services:
+    homeassistant:
+      loadBalancer:
+        servers:
+          - url: "http://IP_ADDRESS_OF_HOMEASSISTANT_SERVER:PORT_OF_HOMEASSISTANT"
+        passHostHeader: true
+
+
+#endregion
+  middlewares:
+    https-redirect:
+      redirectScheme:
+        scheme: https
+
+    default-headers:
+      headers:
+        frameDeny: true
+        sslRedirect: true
+        browserXssFilter: true
+        contentTypeNosniff: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 15552000
+        customFrameOptionsValue: SAMEORIGIN
+        customRequestHeaders:
+          X-Forwarded-Proto: https
+
+    default-whitelist:
+      ipWhiteList:
+        sourceRange:
+        - "10.0.0.0/8"
+        - "192.168.0.0/16"
+        - "172.16.0.0/12"
+
+    secured:
+      chain:
+        middlewares:
+        - default-whitelist
+        - default-headers
+
+    crowdsec-bouncer:
+      forwardauth:
+        address: http://bouncer-traefik:8080/api/v1/forwardAuth
+        trustForwardHeader: true
+
+    cloudflarewarp:
+      plugin:
+        cloudflarewarp:
+          disableDefault: false
+          trustip: # Trust IPS not required if disableDefault is false - we will allocate Cloud Flare IPs automatically
+