diff --git a/traefik/docker-compose.traefik-local.yml b/traefik/docker-compose.traefik-local.yml
index 04c0e8f..092cc87 100755
--- a/traefik/docker-compose.traefik-local.yml
+++ b/traefik/docker-compose.traefik-local.yml
@@ -3,12 +3,15 @@ version: '3'
 services:
   traefik:
     container_name: traefik
-    image: traefik:v2.2.1   
+    image: traefik:v2.5.3   
     ports:
       - 80:80
       - 443:443
+      - 8080:8080
     expose:
       - 8080
+    labels: 
+      - traefik.enable=true      
     networks:
       - srv
     restart: unless-stopped
diff --git a/traefik/docker-compose.traefik.yml b/traefik/docker-compose.traefik.yml
index e99e09e..738f16c 100644
--- a/traefik/docker-compose.traefik.yml
+++ b/traefik/docker-compose.traefik.yml
@@ -3,11 +3,11 @@ version: '3'
 services:
   traefik:
     container_name: traefik
-    image: traefik:v2.2.1
+    image: traefik:v2.5.3
     command:
       - --providers.docker=true
       - --providers.docker.exposedbydefault=false      
-      - --api=true
+      - --api.dashboard=false
       - --entrypoints.http.address=:80      
       - --entrypoints.https.address=:443
       - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
@@ -21,13 +21,13 @@ services:
     environment:
       - GANDIV5_API_KEY=${GANDIV5_API_KEY}
     labels: 
-      - traefik.enable=true
-      - traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
-      - traefik.http.routers.api.entrypoints=http
-      - traefik.http.routers.api.entrypoints=https
-      - traefik.http.routers.api.service=api@internal   
-      - traefik.http.routers.api.middlewares=auth
-      - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
+      #- traefik.enable=true
+      # - traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
+      # - traefik.http.routers.api.entrypoints=http
+      # - traefik.http.routers.api.entrypoints=https
+      # - traefik.http.routers.api.service=api@internal   
+      # - traefik.http.routers.api.middlewares=auth
+      # - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
       # request widlcard certificate
       - traefik.http.routers.api.tls.certresolver=letsencrypt
       - traefik.http.routers.api.tls.domains[0].main=${DOMAIN}
@@ -42,8 +42,6 @@ services:
     ports:
       - 80:80
       - 443:443
-    expose:
-      - 8080
     networks:
       - srv
     restart: unless-stopped
diff --git a/traefik/traefik.yml b/traefik/traefik.yml
index ede4b0f..f53aec9 100644
--- a/traefik/traefik.yml
+++ b/traefik/traefik.yml
@@ -16,5 +16,22 @@ providers:
   docker:
     endpoint: unix:///var/run/docker.sock
     watch: true
-    exposedByDefault: true
-    defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`,`{{ index .Labels \"com.docker.compose.service\"}}-{dashed-ip:.*}.traefik.me`)"
\ No newline at end of file
+    exposedByDefault: false
+    defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`,`{{ index .Labels \"com.docker.compose.service\"}}-{dashed-ip:.*}.traefik.me`)"
+
+http:
+  # global redirect to https
+  routers:
+    http-catchall:
+      rule: "hostregexp(`{host:.+}`)"
+      entrypoints: 
+        - http
+      middlewares: 
+        - redirect-to-https
+
+  # middleware redirect
+  middlewares:
+    redirect-to-https:
+      redirectscheme:
+        scheme: https
+        permanent: true
\ No newline at end of file