diff --git a/apps/mealie/docker-compose.yml b/apps/mealie/docker-compose.yml
index 3d5b29e..640aa9b 100644
--- a/apps/mealie/docker-compose.yml
+++ b/apps/mealie/docker-compose.yml
@@ -3,50 +3,68 @@ services:
     image: ghcr.io/mealie-recipes/mealie:v3.12.0
     container_name: mealie
     restart: unless-stopped
-    networks:
-      - frontend_net
-    ports:
-      - "9935:9000"
-    depends_on:
-      postgres:
-        condition: service_healthy
-    volumes:
-      - /mnt/user/appdata/mealie/data:/app/data
+
     environment:
       TZ: Europe/Berlin
+      ALLOW_SIGNUP: "false"
       PUID: "99"
       PGID: "100"
-      ALLOW_SIGNUP: "false"
-      BASE_URL: "http://192.168.178.58:9935"
-      DEFAULT_EMAIL: "michideheld@gmx.de"
-      DEFAULT_GROUP: "Home"
-      DEFAULT_HOUSEHOLD: "Family"
-      DB_ENGINE: "postgres"
-      POSTGRES_USER: "mealie"
-      POSTGRES_PASSWORD: "Kallilab-Mealie-2026!"
-      POSTGRES_SERVER: "postgres"
-      POSTGRES_PORT: "5432"
-      POSTGRES_DB: "mealie"
 
-  postgres:
+      # DB
+      DB_ENGINE: postgres
+      POSTGRES_SERVER: mealie-postgres
+      POSTGRES_DB: mealie
+      POSTGRES_USER: mealie
+      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
+
+      # URL
+      BASE_URL: https://mealie.kaleschke.info
+
+    volumes:
+      - /mnt/user/appdata/mealie/data:/app/data
+
+    networks:
+      - frontend_net
+      - mealie_internal
+
+    security_opt:
+      - no-new-privileges:true
+
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=frontend_net
+      - traefik.http.routers.mealie.rule=Host(`mealie.kaleschke.info`)
+      - traefik.http.routers.mealie.entrypoints=websecure
+      - traefik.http.routers.mealie.tls=true
+      - traefik.http.routers.mealie.tls.certresolver=le
+      - traefik.http.services.mealie.loadbalancer.server.port=9000
+
+  mealie-postgres:
     image: postgres:17
     container_name: mealie-postgres
     restart: unless-stopped
-    networks:
-      - frontend_net
+
     environment:
-      POSTGRES_USER: "mealie"
-      POSTGRES_PASSWORD: "Kallilab-Mealie-2026!"
-      POSTGRES_DB: "mealie"
-      PGUSER: "mealie"
+      TZ: Europe/Berlin
+      POSTGRES_USER: mealie
+      POSTGRES_DB: mealie
+      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
+      PGDATA: /var/lib/postgresql/data
+
     volumes:
       - /mnt/user/appdata/mealie/postgres:/var/lib/postgresql/data
-    healthcheck:
-      test: ["CMD", "pg_isready", "-U", "mealie", "-d", "mealie"]
-      interval: 30s
-      timeout: 20s
-      retries: 5
+      - /mnt/user/appdata/secrets/mealie_postgres_password.txt:/run/secrets/postgres_password:ro
+
+    networks:
+      - mealie_internal
+
+    security_opt:
+      - no-new-privileges:true
 
 networks:
   frontend_net:
-    external: true
\ No newline at end of file
+    external: true
+
+  mealie_internal:
+    driver: bridge
+    internal: true
\ No newline at end of file