diff --git a/infra/configs/nginx/nginx.conf b/infra/configs/nginx/nginx.conf
index 09a836cb..8e9696af 100644
--- a/infra/configs/nginx/nginx.conf
+++ b/infra/configs/nginx/nginx.conf
@@ -17,7 +17,7 @@ server {
     }
 
     location /api/ {
-        proxy_pass http://dataapi:8081/api/;
+        proxy_pass http://dataapi:8080/api/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/infra/deploy.py b/infra/deploy.py
index 3e509dd4..d3786533 100644
--- a/infra/deploy.py
+++ b/infra/deploy.py
@@ -56,6 +56,10 @@ def get_spec(params: EnvParams) -> deployment.RemoteSpec:
                 "postgres/migrations",
                 "postgres/migrations",
             ),
+            deployment.RemoteFile(
+                "postgres/dockerfile",
+                "postgres/dockerfile",
+            ),
             deployment.RemoteDirectory(
                 "infra/configs/nginx",
                 "configs",
diff --git a/infra/deployment.py b/infra/deployment.py
index 8e07bfee..b8d3f327 100644
--- a/infra/deployment.py
+++ b/infra/deployment.py
@@ -76,7 +76,8 @@ def to_files(self) -> list[RemoteFile]:
 class ConnectionContext:
     host: str
     user: str
-    private_key_filename: str
+    private_key_filename: str | None = None
+    password: str | None = None
 
 
 def _run_command(
diff --git a/infra/docker-compose.yaml b/infra/docker-compose.yaml
index ed1f331f..6a977e16 100644
--- a/infra/docker-compose.yaml
+++ b/infra/docker-compose.yaml
@@ -5,16 +5,24 @@ services:
       POSTGRES_DB: "hyperleda"
       POSTGRES_USER: "hyperleda"
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-password}
-    ports:
-      - "5432:5432"
     volumes:
       - ./postgres/data:/var/lib/postgresql/data
     restart: unless-stopped
+    networks:
+      - hyperleda-network
+      - proxynet
     healthcheck:
       test: psql 'host=localhost port=5432 dbname=hyperleda user=hyperleda password=$${POSTGRES_PASSWORD}' -qtA -c 'select 1;' || exit 1
       timeout: 5s
       interval: 5s
       retries: 5
+    labels:
+      - "traefik.enable=true"
+      - "traefik.tcp.routers.hyperledadb.rule=HostSNI(`database.leda.sao.ru`)"
+      - "traefik.tcp.routers.hyperledadb.entrypoints=https"
+      - "traefik.tcp.routers.hyperledadb.tls=true"
+      - "traefik.tcp.services.hyperledadb.loadbalancer.server.port=5432"
+      - "traefik.docker.network=proxynet"
 
   migrate:
     build:
@@ -27,6 +35,8 @@ services:
     depends_on:
       hyperledadb:
         condition: service_healthy
+    networks:
+      - hyperleda-network
 
   wait-for-migrate:
     image: busybox
@@ -34,6 +44,10 @@ services:
       migrate:
         condition: service_completed_successfully
     entrypoint: /bin/sh -c "echo 'Migration completed successfully'"
+    networks:
+      - hyperleda-network
+    logging:
+      driver: local
 
   adminapi:
     image: ghcr.io/hyperleda/hyperleda:latest
@@ -45,6 +59,8 @@ services:
     volumes:
       - ./configs:/usr/src/app/configs
     restart: unless-stopped
+    networks:
+      - hyperleda-network
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8080/ping"]
       interval: 5s
@@ -60,11 +76,12 @@ services:
     entrypoint: ["uv", "run", "main.py", "dataapi"]
     environment:
       - CONFIG=configs/dataapi.yaml
-      - SERVER_PORT=8081
       - STORAGE_PASSWORD=${POSTGRES_PASSWORD:-password}
     volumes:
       - ./configs:/usr/src/app/configs
     restart: unless-stopped
+    networks:
+      - hyperleda-network
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8081/ping"]
       interval: 5s
@@ -77,20 +94,19 @@ services:
 
   webapp:
     image: ghcr.io/hyperleda/hyperleda-webapp:latest
-    depends_on:
-      dataapi:
-        condition: service_healthy
+    networks:
+      - hyperleda-network
     healthcheck:
       test: ["CMD", "curl", "-f", "-LI", "http://localhost:3000/"]
       interval: 5s
       timeout: 5s
       retries: 5
     restart: unless-stopped
+    logging:
+      driver: local
 
   nginx:
     image: nginx:latest
-    ports:
-      - "81:80"
     volumes:
       - ./configs/nginx.conf:/etc/nginx/conf.d/default.conf
       - ./logs:/var/log/nginx
@@ -102,6 +118,9 @@ services:
       webapp:
         condition: service_healthy
     restart: unless-stopped
+    networks:
+      - hyperleda-network
+      - proxynet
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:80/ping"]
       interval: 5s
@@ -109,3 +128,15 @@ services:
       retries: 5
     logging:
       driver: local
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.nginx.rule=Host(`leda.sao.ru`)"
+      - "traefik.http.routers.nginx.entrypoints=https"
+      - "traefik.http.services.nginx.loadbalancer.server.port=80"
+      - "traefik.docker.network=proxynet"
+
+networks:
+  hyperleda-network:
+    driver: bridge
+  proxynet:
+    external: true