diff --git a/configs/dev/traefik-v1.yml b/configs/dev/traefik-v1.yml
new file mode 100644
index 0000000..813d059
--- /dev/null
+++ b/configs/dev/traefik-v1.yml
@@ -0,0 +1,18 @@
+---
+log:
+  level: "ERROR"
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+
+api:
+  dashboard: true
+  debug: true
+
+entrypoints:
+  web:
+    address: ":80"
+  dashboard:
+    address: ":8080"
diff --git a/traefik-v1.yml b/configs/prod/traefik-v1.yml
similarity index 88%
rename from traefik-v1.yml
rename to configs/prod/traefik-v1.yml
index 50b11de..3eecd4d 100644
--- a/traefik-v1.yml
+++ b/configs/prod/traefik-v1.yml
@@ -21,6 +21,7 @@ entrypoints:
   dashboard:
     address: ":8080"
 
+# NOTE(decentral1se): still in experiment mode, so using staging certs
 certificatesResolvers:
   staging:
     acme:
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
new file mode 100644
index 0000000..0396c49
--- /dev/null
+++ b/docker-compose.override.yml
@@ -0,0 +1,11 @@
+---
+services:
+  traefik:
+    container_name: traefik
+    configs:
+      - source: traefik-yml-dev
+        target: /etc/traefik/traefik.yml
+
+configs:
+  traefik-yml-dev:
+    file: ./config/dev/traefik-v1.yml
diff --git a/docker-compose.production.yml b/docker-compose.production.yml
new file mode 100644
index 0000000..71eb7e5
--- /dev/null
+++ b/docker-compose.production.yml
@@ -0,0 +1,34 @@
+---
+services:
+  traefik:
+    restart: always
+    ports:
+      - "443:443"
+    configs:
+      - source: traefik-yml-prod
+        target: /etc/traefik/traefik.yml
+    networks:
+      - proxy
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.traefik.loadbalancer.server.port=80"
+        - "traefik.http.routers.traefik.rule=Host(`traefik.swarm.autonomic.zone`)"
+        - "traefik.http.routers.traefik.entrypoints=web-secure"
+        - "traefik.http.routers.traefik.tls.certresolver=staging"
+        - "traefik.http.routers.traefik.service=api@internal"
+        - "traefik.http.routers.traefik.middlewares=traefik-auth"
+        - "traefik.http.middlewares.traefik-auth.basicauth.users=autonomic:$$apr1$$c2uyXKda$$aRey75.6YpkdA82yGf5VN1"
+
+networks:
+  proxy:
+    external: true
+
+configs:
+  traefik-yml-prod:
+    file: ./config/prod/traefik-v1.yml
diff --git a/docker-compose.yml b/docker-compose.yml
index 3c2deae..f9271b2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,46 +1,15 @@
 ---
-version: "3.3"
+version: "3.8"
 
 services:
   traefik:
     image: "traefik:v2.2"
-    restart: always
-    container_name: traefik
     ports:
       - "80:80"
-      - "443:443"
       - "8080:8080"
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
       - "letsencrypt:/etc/letsencrypt"
-    configs:
-      - source: traefik-yml
-        target: /etc/traefik/traefik.yml
-    networks:
-      - proxy
-    deploy:
-      mode: replicated
-      replicas: 1
-      placement:
-        constraints:
-          - node.role == manager
-      labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.traefik.loadbalancer.server.port=80"
-        - "traefik.http.routers.traefik.rule=Host(`traefik.swarm.autonomic.zone`)"
-        - "traefik.http.routers.traefik.entrypoints=web-secure"
-        - "traefik.http.routers.traefik.tls.certresolver=staging"
-        - "traefik.http.routers.traefik.service=api@internal"
-        - "traefik.http.routers.traefik.middlewares=traefik-auth"
-        - "traefik.http.middlewares.traefik-auth.basicauth.users=autonomic:$$apr1$$c2uyXKda$$aRey75.6YpkdA82yGf5VN1"
-
-networks:
-  proxy:
-    external: true
 
 volumes:
   letsencrypt:
-
-configs:
-  traefik-yml:
-    file: ./traefik-v1.yml