diff --git a/containers/uptime-kuma/docker-compose.yml b/containers/uptime-kuma/docker-compose.yml
new file mode 100644
index 0000000..63d4d75
--- /dev/null
+++ b/containers/uptime-kuma/docker-compose.yml
@@ -0,0 +1,24 @@
+services:
+  uptime-kuma:
+    image: louislam/uptime-kuma:2
+    restart: unless-stopped
+    volumes:
+      - /srv/uptime-kuma/data:/app/data
+    networks:
+      - proxy
+    dns:
+      - 192.168.8.2
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+      - "traefik.http.routers.kuma.rule=Host(`kuma.schork.ch`)"
+      - "traefik.http.routers.kuma.entrypoints=websecure"
+      - "traefik.http.routers.kuma.tls=true"
+      - "traefik.http.services.kuma.loadbalancer.server.port=3001"
+#    ports:
+#      # <Host Port>:<Container Port>
+#      - "3001:3001"
+
+networks:
+  proxy:
+    external: true
diff --git a/scripts/ufw.txt b/scripts/ufw.txt
new file mode 100644
index 0000000..2a21b98
--- /dev/null
+++ b/scripts/ufw.txt
@@ -0,0 +1,4 @@
+#allow docker bridge to enter back to the lan network (split-dns monitoring via uptime kuma)
+
+ufw allow proto tcp from 172.21.0.0/16 to 192.168.8.93 port 443
+ufw allow proto tcp from 172.21.0.0/16 to 192.168.8.93 port 80