diff --git a/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile b/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile
index 746aa2b48..7948e4295 100644
--- a/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile
+++ b/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile
@@ -3,3 +3,10 @@ RUN mkdir -p /etc/traefik/acme
 RUN touch /etc/traefik/acme/acme.json
 RUN chmod 600 /etc/traefik/acme/acme.json
 COPY ./compose/production/traefik/traefik.yml /etc/traefik
+
+RUN addgroup -g 101 -S traefik
+RUN adduser -S -D -H -u 101 -s /sbin/nologin -G traefik -g traefik traefik
+RUN chown -R traefik /etc/traefik
+
+USER traefik
+EXPOSE 8080/tcp 8443/tcp
diff --git a/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml b/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml
index 324c62afa..35c82bd6f 100644
--- a/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml
+++ b/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml
@@ -4,11 +4,11 @@ log:
 entryPoints:
   web:
     # http
-    address: ":80"
+    address: ":8080"
 
   web-secure:
     # https
-    address: ":443"
+    address: ":8443"
 
 certificatesResolvers:
   letsencrypt:
diff --git a/{{cookiecutter.project_slug}}/production.yml b/{{cookiecutter.project_slug}}/production.yml
index 62ec9d829..44461185c 100644
--- a/{{cookiecutter.project_slug}}/production.yml
+++ b/{{cookiecutter.project_slug}}/production.yml
@@ -40,8 +40,8 @@ services:
     volumes:
       - production_traefik:/etc/traefik/acme
     ports:
-      - "0.0.0.0:80:80"
-      - "0.0.0.0:443:443"
+      - "0.0.0.0:80:8080"
+      - "0.0.0.0:443:8443"
 
   redis:
     image: redis:5.0