diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index e5529b3a0..144c89f1c 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -41,6 +41,13 @@
 - config
 - certs

+- name: Place the traefik configuration file
+ ansible.builtin.template:
+ src: traefik.yaml.j2
+ dest: /opt/openconext/traefik/config/traefik.yaml
+ owner: root
+ mode: "0640"
+
 - name: Place the dynamic configuration
 ansible.builtin.copy:
 src: router.yaml
@@ -78,7 +85,7 @@
 restart_policy: "always"
 networks:
 - name: "loadbalancer"
- command: "--providers.docker --providers.docker.network=loadbalancer --entrypoints.websecure.address=:443 --providers.file.directory=/config/config/ --providers.docker.exposedbydefault=false --accesslog=true --ping --serverstransport.insecureskipverify=true"
+ command: "--configFile=/config/config/traefik.yaml"
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
 - /opt/openconext/traefik/:/config/
diff --git a/roles/docker/templates/traefik.yaml.j2 b/roles/docker/templates/traefik.yaml.j2
new file mode 100644
index 000000000..e303744ca
--- /dev/null
+++ b/roles/docker/templates/traefik.yaml.j2
@@ -0,0 +1,28 @@
+providers:
+ docker:
+ exposedByDefault: false
+ network: loadbalancer
+ # File provider configuration
+ file:
+ directory: /config/config/
+ watch: true
+# EntryPoints configuration
+entryPoints:
+ websecure:
+ address: ":443"
+ forwardedHeaders:
+ trustedIPs:
+{% for engine_trusted_proxy_ip in engine_trusted_proxy_ips %}
+ - {{ engine_trusted_proxy_ip }}
+{% endfor %}
+# Server transport configuration
+serversTransport:
+ insecureSkipVerify: true
+# Enable access log
+accessLog: {}
+# Enable ping
+ping: {}
+# Global configuration
+global:
+ checkNewVersion: false
+ sendAnonymousUsage: false
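Review bot: The `dest:` of the new template task in `roles/docker/tasks/main.yml`, `/opt/openconext/traefik/config/traefik.yaml`, puts the static configuration inside the directory that the file provider watches: the host path is mounted at `/config/`, and the template added by this same commit sets `providers.file.directory: /config/config/` with `watch: true`. Traefik's file provider reads the YAML files it finds in that directory as dynamic configuration, so `traefik.yaml` will probably be rejected there for its static-only keys (`providers`, `entryPoints`); how much of the directory load that affects depends on the Traefik version and should be checked. Keeping the static file one level up avoids the overlap, for example `dest: /opt/openconext/traefik/traefik.yaml` here and `command: "--configFile=/config/traefik.yaml"` in the container task of the second hunk. The task also sets `owner: root` without a `group:`, which is worth making explicit next to `mode: "0640"`.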
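Review bot: After this change the `command:` line in the second hunk of `roles/docker/tasks/main.yml` stays the same whenever a Traefik option changes, so nothing visible in the hunk restarts the container when `traefik.yaml` is re-rendered, and Traefik reads its static configuration only at startup. With the old flag list, an edited option changed the container definition itself. The template task in the first hunk could record its result with `register: traefik_static_config`, and this task could then take `restart: "{{ traefik_static_config.changed }}"` if it is a `docker_container` task. The task starts above the hunk, so the module and any existing handler are not visible here.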
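Review bot: The `trustedIPs` loop in `roles/docker/templates/traefik.yaml.j2` writes each `engine_trusted_proxy_ip` into the YAML unquoted and takes the list from a variable whose name suggests it belongs to another role, so a value YAML reads as something other than a string, or a host where the variable is not defined, surfaces only at render or start time. Quoting the item, `- "{{ engine_trusted_proxy_ip }}"`, keeps every entry a string; whether a missing variable should fail the play or fall back to an empty list (`engine_trusted_proxy_ips | default([])`, which leaves no proxy trusted) is a decision to make explicitly. Every address in this list can supply `X-Forwarded-*` headers that the services behind Traefik will believe, so it should hold only the proxies directly in front of this entry point. `insecureSkipVerify: true` under `serversTransport` turns off certificate verification towards every backend; the comment above it should say so and why it is accepted.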