diff --git a/certs/README.md b/certs/README.md
new file mode 100644
index 0000000..12f86aa
--- /dev/null
+++ b/certs/README.md
@@ -0,0 +1,6 @@
+Drop in directory for certificates.
+You can generate the necessary certs with:
+
+``` shell
+openssl req -x509 -newkey rsa:4096 -keyout certs/traefik.key -out certs/treafik.crt -days 365
+```
diff --git a/dktk-fed/docker-compose.yml b/dktk-fed/docker-compose.yml
index 4939449..c0b9434 100644
--- a/dktk-fed/docker-compose.yml
+++ b/dktk-fed/docker-compose.yml
@@ -9,11 +9,14 @@ services:
       - --entrypoints.web.address=:80
       - --entrypoints.web-secure.address=:443
       - --providers.docker=true
+      - --providers.file.directory=/etc/traefik/dynamic_conf
     ports:
       - 80:80
       - 443:443
       - 8080:8080
     volumes:
+      - ../certs:/tools/certs
+      - ./traefik.yml:/etc/traefik/dynamic_conf/traefik.yml:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ../auth/:/auth
     extra_hosts:
diff --git a/dktk-fed/traefik.yml b/dktk-fed/traefik.yml
new file mode 100644
index 0000000..d3c2c5b
--- /dev/null
+++ b/dktk-fed/traefik.yml
@@ -0,0 +1,4 @@
+tls:
+  certificates:
+    - certFile: /tools/certs/traefik.crt
+      keyFile: /tools/certs/traefik.key