diff --git a/Traefik/docker-compose.yml b/Traefik/docker-compose.yml
index c966c2c..7f46283 100644
--- a/Traefik/docker-compose.yml
+++ b/Traefik/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
-  traefik-portainer:
-    image: traefik:${TRAEFIK_VERSION:-v3.1}
+  traefik:
+    image: ${TRAEFIK_IMAGE}
     container_name: traefik
     restart: unless-stopped
     extra_hosts:
@@ -8,15 +8,15 @@ services:
 
     command:
       # Logs
-      - "--log.level=${TRAEFIK_LOG_LEVEL:-INFO}"
+      - "--log.level=${TRAEFIK_LOG_LEVEL}"
 
       # Dashboard (por ahora solo interno)
       - "--api.dashboard=true"
       - "--api.insecure=false"
 
       # Entrypoints
-      - "--entrypoints.web.address=:${TRAEFIK_HTTP_PORT:-80}"
-      - "--entrypoints.websecure.address=:${TRAEFIK_HTTPS_PORT:-443}"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
 
       # Redirección HTTP -> HTTPS
       - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
@@ -25,26 +25,26 @@ services:
       # Proveedor Docker
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
-      - "--providers.docker.network=${TRAEFIK_DOCKER_NETWORK:-proxy}"
+      - "--providers.docker.network=${TRAEFIK_DOCKER_NETWORK}"
 
       # Proveedor de ficheros dinámicos
       - "--providers.file.directory=/dynamic"
       - "--providers.file.watch=true"
 
-      # ACME / Let's Encrypt (resolver "letsencrypt" parametrizado)
-      - "--certificatesresolvers.${TRAEFIK_ACME_RESOLVER:-letsencrypt}.acme.email=${TRAEFIK_ACME_EMAIL}"
-      - "--certificatesresolvers.${TRAEFIK_ACME_RESOLVER:-letsencrypt}.acme.storage=/letsencrypt/acme.json"
-      - "--certificatesresolvers.${TRAEFIK_ACME_RESOLVER:-letsencrypt}.acme.httpchallenge=true"
-      - "--certificatesresolvers.${TRAEFIK_ACME_RESOLVER:-letsencrypt}.acme.httpchallenge.entrypoint=web"
+      # ACME / Let's Encrypt (resolver "letsencrypt")
+      - "--certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL}"
+      - "--certificatesresolvers.letsencrypt.acme.storage=${TRAEFIK_ACME_STORAGE}"
+      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
 
     ports:
-      - "${TRAEFIK_HTTP_PORT:-80}:80"
-      - "${TRAEFIK_HTTPS_PORT:-443}:443"
+      - "${TRAEFIK_HTTP_PORT}:80"
+      - "${TRAEFIK_HTTPS_PORT}:443"
 
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ${TRAEFIK_DYNAMIC_PATH:-/opt/traefik/dynamic}:/dynamic
-      - ${TRAEFIK_LETSENCRYPT_PATH:-/opt/traefik/letsencrypt}:/letsencrypt
+      - /var/run/docker.sock:/var/run/docker.sock:ro,Z
+      - ${TRAEFIK_DYNAMIC_DIR}:/dynamic:Z
+      - ${TRAEFIK_LETSENCRYPT_DIR}:/letsencrypt:Z
 
     networks:
       - proxy
@@ -52,5 +52,4 @@ services:
 networks:
   proxy:
     external: true
-    name: ${TRAEFIK_DOCKER_NETWORK:-proxy}
 
diff --git a/Traefik/stack.env b/Traefik/stack.env
index c2c11c1..614f878 100644
--- a/Traefik/stack.env
+++ b/Traefik/stack.env
@@ -1,14 +1,11 @@
-TRAEFIK_VERSION=v3.1
-
+##### Traefik #####
+TRAEFIK_IMAGE=traefik:v3.1
 TRAEFIK_LOG_LEVEL=INFO
+TRAEFIK_DOCKER_NETWORK=proxy
+TRAEFIK_ACME_EMAIL=lets.encrypt@thehomelesssherlock.com
+TRAEFIK_ACME_STORAGE=/letsencrypt/acme.json
 TRAEFIK_HTTP_PORT=80
 TRAEFIK_HTTPS_PORT=443
-
-TRAEFIK_DOCKER_NETWORK=proxy
-
-TRAEFIK_ACME_RESOLVER=letsencrypt
-TRAEFIK_ACME_EMAIL=lets.encrypt@thehomelesssherlock.com
-
-TRAEFIK_DYNAMIC_PATH=/opt/traefik/dynamic
-TRAEFIK_LETSENCRYPT_PATH=/opt/traefik/letsencrypt
+TRAEFIK_DYNAMIC_DIR=/opt/traefik/dynamic
+TRAEFIK_LETSENCRYPT_DIR=/opt/traefik/letsencrypt