diff --git a/tasks/chill/main.yml b/tasks/chill/main.yml
index 65c6885..80c5629 100644
--- a/tasks/chill/main.yml
+++ b/tasks/chill/main.yml
@@ -54,5 +54,15 @@
 - lexik_jwt_authentication.yaml
 - messenger.yaml
 - monolog.yaml
+ - chill_doc_store.yaml
+ - framework.yaml
 loop_control:
 loop_var: file
+
+- name: Create directory for storing data
+ ansible.builtin.file:
+ path: "{{ doc_storage_dir }}/{{ item['chill_environment'] }}"
+ owner: "82"
+ group: "82"
+ mode: '0766'
+ state: directory
diff --git a/tasks/chill/self_signed.yml b/tasks/chill/self_signed.yml
new file mode 100644
index 0000000..288887c
--- /dev/null
+++ b/tasks/chill/self_signed.yml
@@ -0,0 +1,18 @@
+
+- name: Create directory for storing certificates
+ ansible.builtin.file:
+ path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}"
+ state: directory
+ owner: "{{ as_user }}"
+ mode: '0400'
+
+- name: Create private key
+ community.crypto.openssl_privatekey:
+ path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}/key.pem"
+
+- name: Create self signed certificate
+ community.crypto.x509_certificate:
+ privatekey_path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}/key.pem"
+ path: "/var/traefik/certs/chill/{{ item['chill_environment'] }}/cert.pem"
+ provider: selfsigned
+
diff --git a/tasks/traefik.yml b/tasks/traefik.yml
index 739579c..9f779ac 100644
--- a/tasks/traefik.yml
+++ b/tasks/traefik.yml
@@ -13,3 +13,10 @@
 owner: "{{ as_user }}"
 notify:
 - Restart traefik
+
+- name: Create directory for storing certificates
+ ansible.builtin.file:
+ path: "/var/traefik/certs"
+ state: directory
+ owner: "{{ as_user }}"
+ mode: '0400'
diff --git a/templates/compose.yaml b/templates/compose.yaml
index 68612fc..bca8f18 100644
--- a/templates/compose.yaml
+++ b/templates/compose.yaml
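Review bot: `mode: '0766'` on the new document-storage directory makes it world-writable, so any local account or any container process on the host can add or replace stored documents, not only the owning uid; with owner and group both set to 82, `mode: '0750'` (or `'0770'` if a second group genuinely needs write access) is enough for the process that owns it. The owner and group are hard-coded to `"82"` (presumably the uid of the PHP process in the app container — worth confirming) while the rest of the role parameterises the account with `{{ as_user }}`; a role variable with `82` as its default would keep this configurable per host. The `loop` that the two new entries extend starts outside the hunk.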
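Review bot: `mode: '0400'` on a directory clears the execute (search) bit, so only root can enter `/var/traefik/certs/chill/<env>` or read the key and certificate the next two tasks write into it; the same mode is applied to `/var/traefik/certs` in the tasks/traefik.yml hunk below, and Traefik in its container will only be able to read the tree if it runs as root. A private, traversable directory needs `mode: '0700'`. The key and certificate tasks set no `owner`, so the files will belong to whatever account Ansible runs as rather than `{{ as_user }}`; adding `owner: "{{ as_user }}"` to both (openssl_privatekey already defaults to a 0600 file mode) keeps the whole tree consistent. `community.crypto.x509_certificate` is called without a `csr_path`, so as far as I can tell the self-signed certificate carries no subject or SAN for `{{ item.host }}`; if a CSR with `subject_alt_name` is not generated first, every client must accept a nameless certificate.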
@@ -6,13 +6,19 @@ services:
 - app:php
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)"
- - "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=web"
 - "traefik.docker.network=traefik"
- {% if item.expose_port is not false -%}
- ports:
- - "{{ item.expose_port }}:80"
- {% endif -%}
+ - "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)"
+ - "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=websecure"
+ {%+ if item.tls_config == 'self_signed' +%}
+ - "traefik.http.routers.frontend-{{ item.chill_environment }}.tls=true"
+ {%+ endif +%}
+ {%+ if item.expose_port is not false +%}
+ - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.rule=PathPrefix(`/`)"
+ - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.entrypoints=chill{{ item.chill_environment }}"
+ {%+ if item.tls_config == 'self_signed' +%}
+ - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.tls=true"
+ {%+ endif +%}
+ {%+ endif +%}
 networks:
 - traefik
 - default
@@ -25,6 +31,7 @@ services:
 - './config/prod:/var/www/app/config/packages/prod:ro'
 - './var:/var/www/app/var:rw'
 - '/var/logs/chill:/var/www/app/logs'
+ - '{{ doc_storage_dir }}/{{ item['chill_environment'] }}:/var/storage'
 links:
 - redis
 - relatorio
diff --git a/templates/config/prod/chill_doc_store.yaml b/templates/config/prod/chill_doc_store.yaml
new file mode 100644
index 0000000..50d0769
--- /dev/null
+++ b/templates/config/prod/chill_doc_store.yaml
@@ -0,0 +1,3 @@
+chill_doc_store:
+ local_storage:
+ storage_path: '/var/storage'
\ No newline at end of file
diff --git a/templates/config/prod/framework.yaml b/templates/config/prod/framework.yaml
new file mode 100644
index 0000000..dd1710e
--- /dev/null
+++ b/templates/config/prod/framework.yaml
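Review bot: With both routers now attached to `websecure`, the `web` entrypoint (:80, still declared in templates/traefik-compose.yaml) has no router left, so plain-HTTP requests get a 404 from Traefik instead of being redirected; a `--entryPoints.web.http.redirections.entryPoint.to=websecure` flag in the Traefik static config (or dropping the :80 publish) closes that gap. When `item.tls_config` is anything other than `'self_signed'` no `tls=true` label is emitted, so unless those other values are handled outside this diff the `websecure` router serves plaintext HTTP on port 443. The template also assumes every entry in `chills` defines `tls_config`; an item without it will fail to render or silently skip the block depending on undefined handling, and `{%+ if item.tls_config | default('') == 'self_signed' +%}` makes the default explicit. The `services:` mapping this hunk belongs to starts outside the hunk.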
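Review bot: The new bind mount at the end of the volumes list has no access qualifier while its neighbours spell out `:ro`/`:rw`; `- '{{ doc_storage_dir }}/{{ item['chill_environment'] }}:/var/storage:rw'` keeps the intent explicit. The host directory it mounts is created in tasks/chill/main.yml with `mode: '0766'`, so the documents stored through this mount are also writable by every local account on the host, which is worth tightening alongside this change. The enclosing service definition starts and ends outside the hunk.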
@@ -0,0 +1,3 @@ +framework: + trusted_proxies: '172.150.0.0/24' + trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port'] \ No newline at end of file diff --git a/templates/traefik-compose.yaml b/templates/traefik-compose.yaml index d4cc85a..e896468 100644 --- a/templates/traefik-compose.yaml +++ b/templates/traefik-compose.yaml @@ -13,17 +13,36 @@ services: - "--providers.docker=true" - "--providers.docker.exposedByDefault=false" - "--entryPoints.web.address=:80" + - "--entryPoints.websecure.address=:443" + {%+ for c in chills +%} + {%+ if c.expose_port is not false +%} + - "--entryPoints.chill{{ c.chill_environment }}.address=:{{ c.expose_port }}" + {% endif +%} + {% endfor +%} + ports: # The HTTP port - "80:80" + - "443:443" # The Web UI (enabled by --api.insecure=true) - "8080:8080" + {% for c in chills +%} + {% if c.expose_port is not false +%} + - "{{ c.expose_port }}:{{ c.expose_port }}" + {% endif +%} + {%+ endfor +%} + volumes: # So that Traefik can listen to the Docker events - /var/run/docker.sock:/var/run/docker.sock + - /var/traefik/certs:/var/traefik/certs networks: - traefik networks: traefik: - name: traefik \ No newline at end of file + name: traefik + driver: bridge + ipam: + config: + - subnet: 172.150.0.0/24
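Review bot: `trusted_proxies: '172.150.0.0/24'` trusts the whole Traefik network rather than the Traefik container, so any other container attached to that network — every chill `app` service is, via `networks: - traefik` in templates/compose.yaml — can forge `X-Forwarded-For`, `X-Forwarded-Host` and `X-Forwarded-Proto` towards its neighbours; pinning Traefik to a fixed `ipv4_address` on that network and trusting only that address narrows this to the real proxy. The subnet is also repeated literally here and in templates/traefik-compose.yaml, so the two can drift; a single role variable for it would keep them aligned. Trusting `x-forwarded-host` is only needed if the application builds absolute URLs from the proxied host — worth confirming, since otherwise dropping it removes one spoofable input.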
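Review bot: `subnet: 172.150.0.0/24` is not in RFC 1918 private space (172.16.0.0/12 ends at 172.31.255.255), so the bridge squats on publicly routable addresses and any host in that range becomes unreachable from the containers; a range inside 172.16.0.0/12 or 10.0.0.0/8 avoids that, and the same literal must then change in templates/config/prod/framework.yaml. The new `websecure` entrypoint publishes 443 and mounts `/var/traefik/certs`, but I see no file-provider or `tls.certificates` configuration in this diff that points Traefik at `cert.pem`/`key.pem`; unless that exists elsewhere, routers with `tls=true` will present Traefik's own default certificate. Nothing redirects `web` to `websecure`, so port 80 stays published with no router on it; `- "--entryPoints.web.http.redirections.entryPoint.to=websecure"` next to the new address line covers that. The `--api.insecure=true` dashboard on the published 8080 is pre-existing context, but it is worth a follow-up now that the same host terminates TLS. The `traefik` service mapping starts before the hunk.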