diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml
index 75dcdf9..a1186b2 100644
--- a/ansible/inventory/host_vars/manager.yml
+++ b/ansible/inventory/host_vars/manager.yml
@@ -1,6 +1,7 @@
 docker_node_labels:
   - hostname: maestro
-    labels: {}
+    labels:
+      traefik: "true"
   - hostname: worker1
     labels: {}
 
diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml
new file mode 100644
index 0000000..e5642cf
--- /dev/null
+++ b/ansible/playbooks/stacks.yml
@@ -0,0 +1,5 @@
+---
+- name: Start Docker stacks
+  hosts: manager
+  roles:
+    - {role: traefik, tags: traefik}
diff --git a/ansible/roles/traefik/docker-stack.yml.j2 b/ansible/roles/traefik/docker-stack.yml.j2
new file mode 100644
index 0000000..6bdc7cd
--- /dev/null
+++ b/ansible/roles/traefik/docker-stack.yml.j2
@@ -0,0 +1,36 @@
+# vi: ft=yaml
+version: "3.7"
+
+networks:
+  traefik:
+    external: true
+
+services:
+  traefik:
+    image: traefik:3.0
+    networks:
+      - traefik
+    ports:
+      - 80:80
+      - 8080:8080
+    deploy:
+      placement:
+        constraints: [node.labels.traefik == true]
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.dashboard.rule=Host(`maestro.dmz`)
+        - traefik.http.routers.dashboard.service=api@internal
+        - traefik.http.services.dummy-svc.loadbalancer.server.port=8080
+    volumes:
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+    command:
+      - --providers.docker
+      - --providers.docker.swarmmode
+      - --providers.docker.watch
+      - --api
+      - --api.insecure=true
+      - --api.dashboard=true
+      - --entrypoints.web.address=:80
+      - --providers.docker.exposedbydefault=false
diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml
new file mode 100644
index 0000000..0dd74b0
--- /dev/null
+++ b/ansible/roles/traefik/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Create Traefik network
+  docker_network:
+    name: traefik
+    driver: overlay
+
+- name: Create working directory
+  file:
+    path: /srv/traefik
+    state: directory
+
+- name: Copy Docker stack file
+  template:
+    src: "{{ role_path }}/docker-stack.yml.j2"
+    dest: /srv/traefik/docker-stack.yml
+
+- name: Deploy Docker stack
+  docker_stack:
+    name: traefik
+    compose:
+      - /srv/traefik/docker-stack.yml