diff --git a/src/Handler.php b/src/Handler.php
index e1d670c3e6437b020b41d76efc92afc2f8dc5e05..14afa21af1d634d12e09d1811ca382cfe8de495e 100644
--- a/src/Handler.php
+++ b/src/Handler.php
@@ -36,6 +36,12 @@ class Handler extends BaseHandler {
     $options = [
       'projectname' => $projectname,
       'staging' => FALSE,
+      'basicauth' => [
+        'enabled' => FALSE,
+        'user' => ',',
+        'pass' => ',',
+        'code' => ',',
+      ],
       'ci_home' => '/home/gitlab-runner',
       'docker0' => [
         'ip' => ($this->isCiContext() || $this->isLocalDevMode()) ?
@@ -231,6 +237,12 @@ class Handler extends BaseHandler {
           'projectprotocol' => 'https',
           'projectport' => '',
           'extradomains' => $config->readValue('aliases'),
+          'basicauth' => [
+            'enabled' => (getenv('BASIC_AUTH') === 'yes'),
+            'user' => getenv('BASIC_AUTH_USER'),
+            'pass' => getenv('BASIC_AUTH_PASS'),
+            'code' => getenv('BASIC_AUTH_CODE'),
+          ],
         ];
         foreach ($overwriteConfig as $key => $value) {
           $this->config->setValue($key, $value, FALSE);
diff --git a/templates/docker-compose.yml.twig b/templates/docker-compose.yml.twig
index 4cf8e83c432c2a16722ec39b87b0c914e33bb9b0..449ca84502eede51bb00fdacea5d0be0edb02c56 100644
--- a/templates/docker-compose.yml.twig
+++ b/templates/docker-compose.yml.twig
@@ -129,6 +129,10 @@ services:
     labels:
       traefik.enable: 'true'
       traefik.docker.network: traefik-public
+{% if basicauth.enabled %}
+      traefik.http.middlewares.{{ webserver.type }}-{{ projectname }}-auth.basicauth.users: {{ basicauth.code }}
+      traefik.http.routers.{{ webserver.type }}-{{ projectname }}.middlewares: {{ webserver.type }}-{{ projectname }}-auth@docker
+{% endif %}
       traefik.http.routers.{{ webserver.type }}-{{ projectname }}.rule: Host(`{{ projectdomain }}`){% for domain in extradomains|default([]) %} || Host(`{{ domain }}`){% endfor %}
 {% if varnish.enable %}
 
@@ -231,6 +235,10 @@ services:
     labels:
       traefik.enable: 'true'
       traefik.docker.network: traefik-public
+{% if basicauth.enabled %}
+      traefik.http.middlewares.mailhog-{{ projectname }}-auth.basicauth.users: {{ basicauth.code }}
+      traefik.http.routers.mailhog-{{ projectname }}.middlewares: mailhog-{{ projectname }}-auth@docker
+{% endif %}
       traefik.http.services.{{ projectname }}_mailhog.loadbalancer.server.port: 8025
       traefik.http.routers.mailhog-{{ projectname }}.rule: Host(`mailhog-{{ projectdomain }}`)
 {% endif %}