diff --git a/docker-compose.yml b/docker-compose.yml
index 99393d7..7b237bd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -129,8 +129,8 @@ services:
     depends_on:
       - mongodb
       - redis
-    ports:
-      - "5001:5001"
+    # ports:
+    #   - "5001:5001"
     environment:
       - MONGODB_URI=mongodb://${MONGO_USERNAME:-admin}:${MONGO_PASSWORD:-changeme}@mongodb:27017/
       - REDIS_URL=redis://redis:6379
@@ -141,12 +141,26 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock:ro
     networks:
       - munich-news-network
+      - proxy
     healthcheck:
       test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:5001/health')"]
       interval: 30s
       timeout: 10s
       retries: 3
       start_period: 40s
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=proxy
+      - traefik.http.routers.news-api.entrypoints=http
+      - traefik.http.routers.news-api.rule=Host(`news-api.dongho.kim`)
+      - traefik.http.middlewares.news-api-redirect.redirectscheme.permanent=true
+      - traefik.http.middlewares.news-api-redirect.redirectscheme.scheme=https
+      - traefik.http.routers.news-api.middlewares=news-api-redirect
+      - traefik.http.routers.news-api-secure.entrypoints=https
+      - traefik.http.routers.news-api-secure.rule=Host(`news-api.dongho.kim`)
+      - traefik.http.routers.news-api-secure.tls=true
+      - traefik.http.routers.news-api-secure.tls.certresolver=cloudflare
+      - traefik.http.services.news-api-secure-service.loadbalancer.server.port=5001
 
   # Transport Crawler - API service for MVG disruptions (Internal only - not exposed to host)
   transport-crawler:
@@ -204,8 +218,8 @@ services:
     build: ./frontend
     container_name: munich-news-frontend
     restart: unless-stopped
-    ports:
-      - "3000:3000"
+    # ports:
+    #   - "3000:3000"
     # Traefik Configuration (commented out - uncomment when using Traefik)
     # Remove port exposure when using Traefik
     # ports:
@@ -217,11 +231,25 @@ services:
       - backend
     networks:
       - munich-news-network
+      - proxy
     healthcheck:
       test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:3000"]
       interval: 30s
       timeout: 10s
       retries: 3
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=proxy
+      - traefik.http.routers.news.entrypoints=http
+      - traefik.http.routers.news.rule=Host(`news.dongho.kim`)
+      - traefik.http.middlewares.news-redirect.redirectscheme.permanent=true
+      - traefik.http.middlewares.news-redirect.redirectscheme.scheme=https
+      - traefik.http.routers.news.middlewares=news-redirect
+      - traefik.http.routers.news-secure.entrypoints=https
+      - traefik.http.routers.news-secure.rule=Host(`news.dongho.kim`)
+      - traefik.http.routers.news-secure.tls=true
+      - traefik.http.routers.news-secure.tls.certresolver=cloudflare
+      - traefik.http.services.news-secure-service.loadbalancer.server.port=3000
 
 volumes:
   mongodb_data:
@@ -233,4 +261,6 @@ volumes:
 
 networks:
   munich-news-network:
-    driver: bridge
+    internal: true
+  proxy:
+    external: true
\ No newline at end of file