diff --git a/nextcloud/nginx.conf b/nextcloud/nginx.conf
index 4d3cca2..b28955c 100644
--- a/nextcloud/nginx.conf
+++ b/nextcloud/nginx.conf
@@ -70,7 +70,7 @@ http {
 
         # The following rule is only needed for the Social app.
         # Uncomment it if you're planning to use this app.
-        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+        rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
 
         location = /.well-known/carddav {
             return 301 https://$host:443/remote.php/dav;
diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml
index ed595d0..406c531 100644
--- a/proxy/docker-compose.yaml
+++ b/proxy/docker-compose.yaml
@@ -3,10 +3,11 @@ version: "3.3"
 services:
 
   traefik:
-    image: traefik:v2.4
+    image: traefik:v2.3
     restart: unless-stopped
     command:
       - "--api.insecure=false"
+      - "--api.dashboard=true"
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
       #- "--log.level=DEBUG"
@@ -29,6 +30,15 @@ services:
       - ${VOLUMES_PATH}/letsencrypt:/letsencrypt
       - $PWD/tls.toml:/etc/traefik/tls.toml
     labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
+      - "traefik.http.routers.gitea.tls.options=intermediate@file"
+      - "traefik.http.routers.dashboard.middlewares=auth"
+      - "traefik.http.middlewares.auth.basicauth.users=${HTPASSWD}"
+      - "traefik.docker.network=web"
       - "docker.group=web"