diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml
index aa7f9a1..5b5a7c1 100644
--- a/roles/traefik/defaults/main.yml
+++ b/roles/traefik/defaults/main.yml
@@ -76,6 +76,15 @@ traefik_dynamic_conf:
           - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
           - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
 
+# This config allows to add new entrypoints to traefik which are also automatically exposed / the port is automatically allocated.
+# Can be used in cases where traefik needs to be used as a proxy because of the certificates it holds. Eg. gitlab registry on the
+# same domain, where we want to use the existing certificate for the registry too.
+#
+# Example entry:
+# - name: gitlabregistry
+#   port: 5050
+traefik_additional_entrypoints: []
+
 # Enables debug log level
 traefik_debug: false
 
diff --git a/roles/traefik/templates/docker-compose.yml b/roles/traefik/templates/docker-compose.yml
index 95b22b2..64a7ea0 100644
--- a/roles/traefik/templates/docker-compose.yml
+++ b/roles/traefik/templates/docker-compose.yml
@@ -95,6 +95,9 @@ services:
     ports:
       - "80:80"
       - "443:443"
+{% for entrypoint in traefik_additional_entrypoints %}
+      - "{{ entrypoint.port }}:{{ entrypoint.port }}"
+{% endfor %}
 
     volumes:
       - "{{ traefik_acme_location }}:/etc/traefik/acme"
@@ -105,6 +108,9 @@ services:
     command:
       - "--entryPoints.web.address=:80"
       - "--entryPoints.websecure.address=:443"
+{% for entrypoint in traefik_additional_entrypoints %}
+      - "--entryPoints.{{ entrypoint.name }}.address=:{{ entrypoint.port }}"
+{% endfor %}
       - "--accesslog={{ traefik_access_log_enabled | bool | lower }}"
 {% if traefik_dynamic_conf != omit %}
       - "--providers.file.directory=/etc/traefik/dynamic_conf"