diff --git a/docker-compose.yml.sample b/docker-compose.yml.sample
index 8154183340d662e418b531c3aae408ce104ce4fa..56d8a6b7234347341ed95bfc7190fae56a41548f 100644
--- a/docker-compose.yml.sample
+++ b/docker-compose.yml.sample
@@ -24,7 +24,7 @@ services:
         gitlab_rails['allowed_hosts'] = ['gitlab.FQDN', 'localhost', '127.0.0.1', 'gitlab']
         # Each address is added to the the NGINX config as 'set_real_ip_from <address>;'
         # TODO replace the 172.19.0.6 ip by traefik's one
-        nginx['real_ip_trusted_addresses'] = [ '172.19.0.6' ]
+        nginx['real_ip_trusted_addresses'] = [ '172.19.0.2' ]
         # other real_ip config options
         nginx['real_ip_header'] = 'X-Forwarded-For'
         nginx['real_ip_recursive'] = 'on'
@@ -34,7 +34,7 @@ services:
         gitlab_rails['rack_attack_git_basic_auth'] = {
             'enabled' => true,
             # TODO replace the 172.19.0.6 ip by traefik's one
-            'ip_whitelist' => ["127.0.0.1", '172.19.0.6'],
+            'ip_whitelist' => ["127.0.0.1", '172.19.0.2'],
             'maxretry' => 10, # Limit the number of Git HTTP authentication attempts per IP
             'findtime' => 60, # Reset the auth attempt counter per IP after 60 seconds
             'bantime' => 3600 # Ban an IP for one hour (3600s) after too many auth attempts
@@ -47,7 +47,7 @@ services:
         gitlab_rails['smtp_password'] = "changeme"
         gitlab_rails['smtp_domain'] = "changeme"
         gitlab_rails['smtp_authentication'] = "login"
-        gitlab_rails['smtp_enable_starttls_auto'] = true
+        gitlab_rails['smtp_enable_starttls_auto'] = false
         gitlab_rails['smtp_tls'] = true
         gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
         # If your SMTP server does not like the default 'From: gitlab@localhost' you
@@ -93,14 +93,6 @@ services:
       - 'gitlab_logs:/var/log/gitlab'
       - 'gitlab_data:/var/opt/gitlab'
     shm_size: '256m'
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=traefik"
-      - "traefik.http.routers.gitlab.rule=Host(`${HOST}`)"
-      - "traefik.http.routers.gitlab.tls.certresolver=myresolver"
-      - "traefik.http.routers.gitlab.entrypoints=web,websecure"
-      - "traefik.http.services.gitlab.loadbalancer.server.port=80"
-      - "traefik.http.routers.gitlab.middlewares=hardening@docker"
 
 volumes:
   gitlab_config:
diff --git a/traefik.yml b/traefik.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9c10fc71559cd4c38be5d78d8b2a45b69e0b3155
--- /dev/null
+++ b/traefik.yml
@@ -0,0 +1,18 @@
+version: '3'
+services:
+
+  gitlab:
+    networks:
+      - traefik
+      - default
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.gitlab.rule=Host(`${HOST}`)"
+      - "traefik.http.routers.gitlab.tls.certresolver=myresolver"
+      - "traefik.http.routers.gitlab.entrypoints=web,websecure"
+      - "traefik.http.services.gitlab.loadbalancer.server.port=80"
+      - "traefik.http.routers.gitlab.middlewares=hardening@docker"
+networks:
+  traefik:
+    external: true