diff --git a/services/traefik.hcl b/services/traefik.hcl
index be327dd..6736c48 100644
--- a/services/traefik.hcl
+++ b/services/traefik.hcl
@@ -13,6 +13,7 @@ job "traefik" {
         #host_network = "tailscale"
         static = "9002"
       }
+      port "promtail_healthcheck" {}
     }
 
     task "traefik" {
@@ -128,6 +129,7 @@ EOH
         memory = 512
       }
     }
+
     task "keepalived" {
       driver = "docker"
       env {
@@ -145,5 +147,70 @@ EOH
         cap_add      = ["NET_ADMIN", "NET_BROADCAST", "NET_RAW"]
       }
     }
+
+    task "promtail" {
+      driver = "docker"
+      config {
+        image = "grafana/promtail:2.2.0"
+        args = [
+          "-config.file",
+          "local/config.yaml",
+          "-print-config-stderr",
+        ]
+        # the only port required is for the healthcheck
+        ports = ["promtail_healthcheck"]
+      }
+      # the template with Promtail's YAML configuration file, configuring the files to scrape,
+      # the Loki server to send the logs to (based on a registered Consul service, but it could be a fixed URL),
+      # the regex to parse the Common Log Format (https://en.wikipedia.org/wiki/Common_Log_Format) used for access logs,
+      # and the labels ( HTTP method and status code)
+      template {
+        data = <<EOH
+          server:
+            http_listen_port: {{ env "NOMAD_PORT_promtail_healthcheck" }}
+            grpc_listen_port: 0
+          positions:
+            filename: /alloc/positions.yaml
+          client:
+            url: http://{{ range service "loki" }}{{ .Address }}:{{ .Port }}{{ end }}/loki/api/v1/push
+          scrape_configs:
+          - job_name: local
+            static_configs:
+            - targets:
+                - localhost
+              labels:
+                job: traefik
+                __path__: "/alloc/logs/traefik.std*.0"
+            pipeline_stages:
+              - regex:
+                  expression: '^(?P<remote_addr>[\w\.]+) - (?P<remote_user>[^ ]*) \[(?P<time_local>[^\]]+)\] "(?P<method>[^ ]*) (?P<request>[^ ]*) (?P<protocol>[^ ]*)" (?P<status>[\d]+) (?P<body_bytes_sent>[\d]+) "(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)"? (?P<total_requests>\d+) "(?P<frontend_name>.+)" "(?P<backend_url>.+)" (?P<duration_ms>\d+)ms'
+              - labels:
+                  method:
+                  status:
+                  frontend_name:
+        EOH
+        destination = "local/config.yaml"
+        }
+        resources {
+          cpu    = 50
+          memory = 256
+        }
+        # poststart, and sidecar=true, so Promtail will start *after* Traefik ( since it has nothing to do before Traefik isup and running),
+        # and run for as long as it does
+        lifecycle {
+          hook    = "poststart"
+          sidecar = true
+        }
+        # a service for a health check to determine the state of Promtail
+        service {
+          check {
+            type     = "http"
+            port     = "promtail_healthcheck"
+            path     = "/ready"
+            interval = "10s"
+            timeout  = "2s"
+          }
+        }
+    }
   }
 }