diff --git a/docker-compose.yaml b/docker-compose.yaml
index c8d1f80..d9818c7 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,15 +1,17 @@
 services:
   portainer:
     # if behind proxy
-    command: --trusted-origins=portainer.gmolab.net
+#    command: --trusted-origins=portainer.vdglab.net
     # without proxy
     #command: --sslcert /certs/gmolab.net.crt --sslkey /certs/gmolab.net.key
     #command: --sslcert /certs/gmotech.net.crt --sslkey /certs/gmotech.net.key
     image: portainer/portainer-ee:latest
+    networks:
+      - traefik-net  
     container_name: portainer
-    ports:
+#    ports:
       # if behind proxy
-      - 9000:9000 
+#      - 9000:9000 
       # without proxy
       #- 9443:9443
     volumes:
@@ -17,4 +19,16 @@ services:
       #- /home/docker/certs:/certs    
       - /home/docker/portainer/data:/data
       - /var/run/docker.sock:/var/run/docker.sock
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.portainer.rule=Host(`portainer.vdglab.net`)"
+      - "traefik.docker.network=traefik-net"      
+      - "traefik.http.routers.portainer.entrypoints=websecure"
+      - "traefik.http.routers.portainer.tls=true"
+#      # Facultatif mais propre : forcer l'usage du cert SSL défini dans le fichier dynamique
+      - "traefik.http.routers.portainer.tls.options=default"
+      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
     restart: always
+networks:
+  traefik-net:
+    external: true