diff --git a/global/docker-compose.yml b/global/docker-compose.yml
index e19ed85..7f871d2 100644
--- a/global/docker-compose.yml
+++ b/global/docker-compose.yml
@@ -1,6 +1,8 @@
 services:
   traefik:
     image: "traefik:v2.2"
+    command:
+      - "--log.level=DEBUG"
     container_name: "traefik"
     restart: always
     ports:
@@ -20,20 +22,21 @@ services:
     image: portainer/portainer-ce:latest
     command: -H unix:///var/run/docker.sock
     restart: always
-    ports:
-      - 9000:9000
-      - 8000:8000
+# ports auskommentiert, warum soll portainer außerhalb vom traefik erreichbar sein
+#    ports:
+#      - 9000:9000
+#      - 8000:8000
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - portainer_data:/data
     labels:
       - traefik.enable=true
       - traefik.http.middlewares.portainer-redirect-websecure.redirectscheme.scheme=https
-      - traefik.http.routers.portainer-web.rule=Host(`portainer.example.com`)
+      - traefik.http.routers.portainer-web.rule=Host(`portainer.herrmann.es`)
       - traefik.http.routers.portainer-web.entrypoints=web
       - traefik.http.routers.portainer-web.middlewares=portainer-redirect-websecure
       - traefik.http.routers.portainer-websecure.entrypoints=websecure
-      - traefik.http.routers.portainer-websecure.rule=Host(`portainer.example.com`)
+      - traefik.http.routers.portainer-websecure.rule=Host(`portainer.herrmann.es`)
       - traefik.tags= traefik-public
       - traefik.docker.network=traefik-public
       - traefik.http.routers.portainer-websecure.tls=true
@@ -50,11 +53,11 @@ services:
     labels:
       - traefik.enable=true
       - traefik.http.middlewares.webmin-redirect-websecure.redirectscheme.scheme=https
-      - traefik.http.routers.webmin-web.rule=Host(`webmin.mailneu.herrmann.es`)
+      - traefik.http.routers.webmin-web.rule=Host(`webmin.herrmann.es`)
       - traefik.http.routers.webmin-web.entrypoints=web
       - traefik.http.routers.webmin-web.middlewares=webmin-redirect-websecure
       - traefik.http.routers.webmin-websecure.entrypoints=websecure
-      - traefik.http.routers.webmin-websecure.rule=Host(`webmin.mailneu.herrmann.es`)
+      - traefik.http.routers.webmin-websecure.rule=Host(`webmin.herrmann.es`)
       - traefik.tags= traefik-public
       - traefik.docker.network=traefik-public
       - traefik.http.routers.webmin-websecure.tls=true
@@ -64,10 +67,38 @@ services:
       - internal
       - traefik-public
 
+  gitea:
+    image: gitea/gitea:1.21.11
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+    restart: always
+    labels:
+      - traefik.enable=true
+      - traefik.http.middlewares.webmin-redirect-websecure.redirectscheme.scheme=https
+      - traefik.http.routers.gitea-web.rule=Host(`gitea.herrmann.es`)
+      - traefik.http.routers.gitea-web.entrypoints=web
+      - traefik.http.routers.gitea-web.middlewares=webmin-redirect-websecure
+      - traefik.http.routers.gitea-websecure.entrypoints=websecure
+      - traefik.http.routers.gitea-websecure.rule=Host(`gitea.herrmann.es`)
+      - traefik.tags= traefik-public
+      - traefik.docker.network=traefik-public
+      - traefik.http.routers.gitea-websecure.tls=true
+      - traefik.http.routers.gitea-websecure.tls.certresolver=myresolver
+      - traefik.http.services.gitea-global.loadbalancer.server.port=3000
+    volumes:
+      - portainer_data:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - internal
+      - traefik-public
+
 volumes:
   letsencrypt:
   portainer_data:
-
+  gitea_data:
 networks:
   traefik-public:
     name: traefik-public
diff --git a/global/traefik.toml b/global/traefik.toml
index de120a3..08e2784 100644
--- a/global/traefik.toml
+++ b/global/traefik.toml
@@ -28,7 +28,7 @@
   #
   # Required
   #
-  email = "email@example.com"
+  email = "traefik-letsencrypt@familie-herrmann.de"
 
   # File or key used for certificates storage.
   #