diff --git a/fleetdm/docker-compose-traefik.yml b/fleetdm/docker-compose-traefik.yml
new file mode 100644
index 0000000..a1870f4
--- /dev/null
+++ b/fleetdm/docker-compose-traefik.yml
@@ -0,0 +1,122 @@
+services:
+ mysql:
+ image: mysql
+ platform: linux/x86_64
+ environment:
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ - MYSQL_DATABASE=${MYSQL_DATABASE}
+ - MYSQL_USER=${MYSQL_USER}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ volumes:
+ - ./mysql:/var/lib/mysql
+ cap_add:
+ - SYS_NICE
+ healthcheck:
+ test: ["CMD-SHELL", "mysqladmin ping -h 127.0.0.1 -u$$MYSQL_USER -p$$MYSQL_PASSWORD --silent || exit 1"]
+ interval: 10s
+ timeout: 5s
+ retries: 12
+ restart: unless-stopped
+ networks:
+ - fleet
+
+ redis:
+ image: redis
+ command: ["redis-server", "--appendonly", "yes"]
+ volumes:
+ - ./redis:/data
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 10s
+ timeout: 5s
+ retries: 12
+ restart: unless-stopped
+ networks:
+ - fleet
+
+ fleet-init:
+ image: alpine:latest
+ volumes:
+ - ./logs:/logs
+ - ./data:/data
+ - ./vulndb:/vulndb
+ command: sh -c "chown -R 100:101 /logs /data /vulndb"
+ networks:
+ - fleet
+
+ fleet:
+ image: fleetdm/fleet
+ platform: linux/x86_64
+ depends_on:
+ mysql:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ fleet-init:
+ condition: service_completed_successfully
+ command: sh -c "/usr/bin/fleet prepare db --no-prompt && /usr/bin/fleet serve"
+ environment:
+ # In-cluster service addresses (no hostnames/ports on the host)
+ - FLEET_REDIS_ADDRESS=redis:6379
+ - FLEET_MYSQL_ADDRESS=mysql:3306
+ - FLEET_MYSQL_DATABASE=${MYSQL_DATABASE}
+ - FLEET_MYSQL_USERNAME=${MYSQL_USER}
+ - FLEET_MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ # Fleet HTTP listener
+ - FLEET_SERVER_ADDRESS=${FLEET_SERVER_ADDRESS}:${FLEET_SERVER_PORT}
+ - FLEET_SERVER_TLS=${FLEET_SERVER_TLS}
+ # Secrets
+ - FLEET_SERVER_PRIVATE_KEY=${FLEET_SERVER_PRIVATE_KEY} # Run 'openssl rand -base64 32' to generate
+ - FLEET_LICENSE_KEY=${FLEET_LICENSE_KEY}
+ # System tuning & other options
+ - FLEET_SESSION_DURATION=${FLEET_SESSION_DURATION}
+ - FLEET_LOGGING_JSON=${FLEET_LOGGING_JSON}
+ - FLEET_OSQUERY_STATUS_LOG_PLUGIN=${FLEET_OSQUERY_STATUS_LOG_PLUGIN}
+ - FLEET_FILESYSTEM_STATUS_LOG_FILE=${FLEET_FILESYSTEM_STATUS_LOG_FILE}
+ - FLEET_FILESYSTEM_RESULT_LOG_FILE=${FLEET_FILESYSTEM_RESULT_LOG_FILE}
+ - FLEET_OSQUERY_LABEL_UPDATE_INTERVAL=${FLEET_OSQUERY_LABEL_UPDATE_INTERVAL}
+ - FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS=${FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS}
+ - FLEET_VULNERABILITIES_DATABASES_PATH=${FLEET_VULNERABILITIES_DATABASES_PATH}
+ - FLEET_VULNERABILITIES_PERIODICITY=${FLEET_VULNERABILITIES_PERIODICITY}
+ # Optional S3 info
+ - FLEET_S3_SOFTWARE_INSTALLERS_BUCKET=${FLEET_S3_SOFTWARE_INSTALLERS_BUCKET}
+ - FLEET_S3_SOFTWARE_INSTALLERS_ACCESS_KEY_ID=${FLEET_S3_SOFTWARE_INSTALLERS_ACCESS_KEY_ID}
+ - FLEET_S3_SOFTWARE_INSTALLERS_SECRET_ACCESS_KEY=${FLEET_S3_SOFTWARE_INSTALLERS_SECRET_ACCESS_KEY}
+ - FLEET_S3_SOFTWARE_INSTALLERS_FORCE_S3_PATH_STYLE=${FLEET_S3_SOFTWARE_INSTALLERS_FORCE_S3_PATH_STYLE}
+ # Override FLEET_S3_SOFTWARE_INSTALLERS_ENDPOINT_URL when using a different S3 compatible
+ # object storage backend (such as Minio) or running S3 locally with localstack.
+ # Leave this blank to use the default S3 service endpoint.
+ - FLEET_S3_SOFTWARE_INSTALLERS_ENDPOINT_URL=${FLEET_S3_SOFTWARE_INSTALLERS_ENDPOINT_URL}
+ # Minio users must set FLEET_S3_SOFTWARE_INSTALLERS_REGION to any nonempty value (eg. minio),
+ # as Minio does not support region discovery.
+ - FLEET_S3_SOFTWARE_INSTALLERS_REGION=${FLEET_S3_SOFTWARE_INSTALLERS_REGION}
+ ports:
+ - "${FLEET_SERVER_PORT}:${FLEET_SERVER_PORT}" # UI/API
+ - "8220:8220" # osquery enroll/TLS endpoint
+ volumes:
+ - ./data:/fleet
+ - ./logs:/logs
+ - ./vulndb:${FLEET_VULNERABILITIES_DATABASES_PATH}
+ healthcheck:
+ test: ["CMD", "wget", "-qO-", "http://127.0.0.1:${FLEET_SERVER_PORT}/healthz"]
+ interval: 10s
+ timeout: 5s
+ retries: 12
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.fleet.entrypoints=web, websecure"
+ - "traefik.http.routers.fleet.rule=Host(`example.com`)"
+ - "traefik.http.routers.fleet.tls=true"
+ - "traefik.http.routers.fleet.tls.certresolver=production"
+ - "traefik.docker.network=traefik_default"
+ networks:
+ - traefik
+ - fleet
+
+networks:
+ fleet:
+ external: false
+ traefik:
+ name: traefik_default
+ external: true
diff --git a/fleetdm/docker-compose.yml b/fleetdm/docker-compose.yml
new file mode 100644
index 0000000..459cb38
--- /dev/null
+++ b/fleetdm/docker-compose.yml
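Review bot: The `ports:` entries of the fleet service publish `${FLEET_SERVER_PORT}` and 8220 straight onto the host, so the UI/API and enrollment endpoints stay reachable around Traefik and its TLS termination; since Traefik reaches the container over the `traefik` network, the `ports:` block should be dropped or at least bound to loopback (`"127.0.0.1:${FLEET_SERVER_PORT}:${FLEET_SERVER_PORT}"`), and nothing in the environment here makes fleet listen on 8220, so that mapping looks like a leftover worth confirming. The router is attached to both `web` and `websecure`, which serves the UI over plain HTTP unless a redirect middleware is defined elsewhere; if that is intentional a comment on the entrypoints label should say so, and the comma-space list value (`web, websecure`) is worth checking against what Traefik accepts. Required secrets are interpolated with plain `${...}`, so an unset `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD` or `FLEET_SERVER_PRIVATE_KEY` silently becomes an empty string; `${FLEET_SERVER_PRIVATE_KEY:?FLEET_SERVER_PRIVATE_KEY is required}` makes `compose up` fail instead (same in docker-compose.yml). The fleet healthcheck hard-codes `http://127.0.0.1:${FLEET_SERVER_PORT}/healthz` while the listener's scheme is governed by `FLEET_SERVER_TLS`, so with TLS enabled on fleet itself the check would presumably fail and the container never become healthy; either document that `FLEET_SERVER_TLS=false` is assumed behind Traefik or make the check follow the variable (same in docker-compose.yml). All images are pulled by floating tag (`mysql`, `redis`, `fleetdm/fleet`, `alpine:latest`), so every `compose pull` can change what runs; pin at least `fleetdm/fleet` and `mysql` to a version tag or digest in both files.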
@@ -0,0 +1,99 @@
+services:
+ mysql:
+ image: mysql
+ platform: linux/x86_64
+ environment:
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ - MYSQL_DATABASE=${MYSQL_DATABASE}
+ - MYSQL_USER=${MYSQL_USER}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ volumes:
+ - ./mysql:/var/lib/mysql
+ cap_add:
+ - SYS_NICE
+ healthcheck:
+ test: ["CMD-SHELL", "mysqladmin ping -h 127.0.0.1 -u$$MYSQL_USER -p$$MYSQL_PASSWORD --silent || exit 1"]
+ interval: 10s
+ timeout: 5s
+ retries: 12
+ restart: unless-stopped
+
+ redis:
+ image: redis
+ command: ["redis-server", "--appendonly", "yes"]
+ volumes:
+ - ./redis:/data
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 10s
+ timeout: 5s
+ retries: 12
+ restart: unless-stopped
+
+ fleet-init:
+ image: alpine:latest
+ volumes:
+ - ./logs:/logs
+ - ./data:/data
+ - ./vulndb:/vulndb
+ command: sh -c "chown -R 100:101 /logs /data /vulndb"
+
+ fleet:
+ image: fleetdm/fleet
+ platform: linux/x86_64
+ depends_on:
+ mysql:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ fleet-init:
+ condition: service_completed_successfully
+ command: sh -c "/usr/bin/fleet prepare db --no-prompt && /usr/bin/fleet serve"
+ environment:
+ # In-cluster service addresses (no hostnames/ports on the host)
+ - FLEET_REDIS_ADDRESS=redis:6379
+ - FLEET_MYSQL_ADDRESS=mysql:3306
+ - FLEET_MYSQL_DATABASE=${MYSQL_DATABASE}
+ - FLEET_MYSQL_USERNAME=${MYSQL_USER}
+ - FLEET_MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ # Fleet HTTP listener
+ - FLEET_SERVER_ADDRESS=${FLEET_SERVER_ADDRESS}:${FLEET_SERVER_PORT}
+ - FLEET_SERVER_TLS=${FLEET_SERVER_TLS}
+ # Secrets
+ - FLEET_SERVER_PRIVATE_KEY=${FLEET_SERVER_PRIVATE_KEY} # Run 'openssl rand -base64 32' to generate
+ - FLEET_LICENSE_KEY=${FLEET_LICENSE_KEY}
+ # System tuning & other options
+ - FLEET_SESSION_DURATION=${FLEET_SESSION_DURATION}
+ - FLEET_LOGGING_JSON=${FLEET_LOGGING_JSON}
+ - FLEET_OSQUERY_STATUS_LOG_PLUGIN=${FLEET_OSQUERY_STATUS_LOG_PLUGIN}
+ - FLEET_FILESYSTEM_STATUS_LOG_FILE=${FLEET_FILESYSTEM_STATUS_LOG_FILE}
+ - FLEET_FILESYSTEM_RESULT_LOG_FILE=${FLEET_FILESYSTEM_RESULT_LOG_FILE}
+ - FLEET_OSQUERY_LABEL_UPDATE_INTERVAL=${FLEET_OSQUERY_LABEL_UPDATE_INTERVAL}
+ - FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS=${FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS}
+ - FLEET_VULNERABILITIES_DATABASES_PATH=${FLEET_VULNERABILITIES_DATABASES_PATH}
+ - FLEET_VULNERABILITIES_PERIODICITY=${FLEET_VULNERABILITIES_PERIODICITY}
+ # Optional S3 info
+ - FLEET_S3_SOFTWARE_INSTALLERS_BUCKET=${FLEET_S3_SOFTWARE_INSTALLERS_BUCKET}
+ - FLEET_S3_SOFTWARE_INSTALLERS_ACCESS_KEY_ID=${FLEET_S3_SOFTWARE_INSTALLERS_ACCESS_KEY_ID}
+ - FLEET_S3_SOFTWARE_INSTALLERS_SECRET_ACCESS_KEY=${FLEET_S3_SOFTWARE_INSTALLERS_SECRET_ACCESS_KEY}
+ - FLEET_S3_SOFTWARE_INSTALLERS_FORCE_S3_PATH_STYLE=${FLEET_S3_SOFTWARE_INSTALLERS_FORCE_S3_PATH_STYLE}
+ # Override FLEET_S3_SOFTWARE_INSTALLERS_ENDPOINT_URL when using a different S3 compatible
+ # object storage backend (such as Minio) or running S3 locally with localstack.
+ # Leave this blank to use the default S3 service endpoint.
+ - FLEET_S3_SOFTWARE_INSTALLERS_ENDPOINT_URL=${FLEET_S3_SOFTWARE_INSTALLERS_ENDPOINT_URL}
+ # Minio users must set FLEET_S3_SOFTWARE_INSTALLERS_REGION to any nonempty value (eg. minio),
+ # as Minio does not support region discovery.
+ - FLEET_S3_SOFTWARE_INSTALLERS_REGION=${FLEET_S3_SOFTWARE_INSTALLERS_REGION}
+ ports:
+ - "${FLEET_SERVER_PORT}:${FLEET_SERVER_PORT}" # UI/API
+ - "8220:8220" # osquery enroll/TLS endpoint
+ volumes:
+ - ./data:/fleet
+ - ./logs:/logs
+ - ./vulndb:${FLEET_VULNERABILITIES_DATABASES_PATH}
+ healthcheck:
+ test: ["CMD", "wget", "-qO-", "http://127.0.0.1:${FLEET_SERVER_PORT}/healthz"]
+ interval: 10s
+ timeout: 5s
+ retries: 12
+ restart: unless-stopped
\ No newline at end of file
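Review bot: The file ends without a trailing newline (the `\ No newline at end of file` marker after `restart: unless-stopped`), so the next change to that line will show as a delete-plus-add and yamllint's new-line-at-end-of-file check will flag it; end the file with a single newline. The mysql, redis, fleet-init and fleet definitions here are a verbatim copy of docker-compose-traefik.yml minus the labels and networks, which will drift the first time one file is touched; consider keeping this file as the base and reducing the Traefik file to an override of the `fleet` service applied with `docker compose -f docker-compose.yml -f docker-compose-traefik.yml up`, or at minimum adding `# Keep service definitions in sync with docker-compose-traefik.yml` at the top of both files.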