diff --git a/prepare_server.sh b/prepare_server.sh
new file mode 100644
index 0000000..1cf2916
--- /dev/null
+++ b/prepare_server.sh
@@ -0,0 +1,144 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+require_root() {
+  if [ "$(id -u)" -ne 0 ]; then
+    echo "Este script debe ejecutarse como root (o con sudo)."
+    exit 1
+  fi
+}
+
+require_root
+
+step "Instalando Docker, docker compose plugin y certbot"
+
+apt-get update -y
+	
+# Dependencias para repositorio Docker
+apt-get install -y \
+  ca-certificates \
+  curl \
+  gnupg \
+  lsb-release
+
+# Clave GPG de Docker
+if [ ! -f /etc/apt/keyrings/docker.gpg ]; then
+  install -m 0755 -d /etc/apt/keyrings
+  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
+    gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+fi
+
+# Repo Docker estable
+if [ ! -f /etc/apt/sources.list.d/docker.list ]; then
+  echo \
+    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+    tee /etc/apt/sources.list.d/docker.list > /dev/null
+fi
+
+apt-get update -y
+
+apt-get install -y \
+  docker-ce \
+  docker-ce-cli \
+  containerd.io \
+  docker-buildx-plugin \
+  docker-compose-plugin \
+  git \
+  certbot
+	
+systemctl enable docker
+systemctl start docker
+	
+# Abrimos puertos en ufw si está activo
+if command -v ufw >/dev/null 2>&1; then
+  if ufw status | grep -q "Status: active"; then
+    step "Configurando firewall (ufw) para permitir 80 y 443"
+    ufw allow 80/tcp || true
+    ufw allow 443/tcp || true
+  fi
+fi
+
+# Creamos carpeta del proxy con docker compose. 
+
+mkdir -p /opt/beyonxcx/traefik
+
+cat > /opt/beyondcx/traefik/docker-compose.yaml <<EOF
+services:
+    traefik:
+        image: traefik:v3.2
+        container_name: traefik-prod-1
+        ports:
+            - "80:80"
+            - "443:443"
+            - "8080:8080"
+        environment:
+            - DO_AUTH_TOKEN=${DO_AUTH_TOKEN}
+        volumes:
+            - /var/run/docker.sock:/var/run/docker.sock
+            - ./config/traefik.yml:/etc/traefik/traefik.yaml:ro
+            - ./data/certs:/var/traefik/certs/:rw
+        networks:
+            - frontend
+        restart: unless-stopped
+networks:
+    frontend:
+        external: true
+EOF
+
+mkdir -p /opt/beyondcx/traefik/config
+mkdir -p /opt/beyondcx/traefik/config/conf
+
+cat > /opt/beyondcx/traefik/config/traefik.yml <<EOF
+global:
+  checkNewVersion: false
+  sendAnonymousUsage: false
+log:
+  level: DEBUG
+api:
+  dashboard: true
+  insecure: true
+entryPoints:
+  web:
+    address: :80
+  websecure:
+    address: :443
+certificatesResolvers:
+  doresolv:
+    acme:
+      email: "garbelo@gmail.com"
+      storage: /var/traefik/certs/doresolv-acme.json
+      caServer: 'https://acme-v02.api.letsencrypt.org/directory'
+      keyType: EC256
+      dnsChallenge:
+          provider: digitalocean
+          resolvers:
+              - "8.8.8.8:53"
+              - "1.1.1.1:53"
+providers:
+  docker:
+      endpoint: "unix:///var/run/docker.sock"
+      exposedByDefault: false
+      network: frontend
+  file:
+    directory: /etc/traefik/conf/
+    watch: true
+EOF
+
+cd /opt/beyondcx/traefik
+
+docker network create frontend
+
+docker network ls
+
+docker compose up -d
+
+step "Levantado traefik "
+
+docker compose ps 
+docker compose logs
+
+step "Recuerda, tienes que crear el DO_AUTH_TOKEN en el .env"
+
+
+