diff --git a/.env.example b/.env.example
index 00c0467..1ec1703 100644
--- a/.env.example
+++ b/.env.example
@@ -8,6 +8,11 @@ GHOST_VERSION=5-alpine
 # Public domain Ghost is going to run on
 DOMAIN=example.com
+# If you have Ghost Admin setup on a separate domain
+# uncomment the below along with the corresponding block
+# in your Caddyfile
+# ADMIN_DOMAIN=
+
 # Database settings
 DATABASE_ROOT_PASSWORD=reallysecurerootpassword
 DATABASE_USER=optionalusername
diff --git a/caddy/Caddyfile.example b/caddy/Caddyfile.example
index ae1ae30..6dccd48 100644
--- a/caddy/Caddyfile.example
+++ b/caddy/Caddyfile.example
@@ -17,20 +17,31 @@
 encode gzip
 # Optional: Add security headers
- header {
- # Enable HSTS
- Strict-Transport-Security max-age=31536000;
- # Prevent embedding in frames
- X-Frame-Options DENY
- # Enable XSS protection
- X-XSS-Protection "1; mode=block"
- # Prevent MIME sniffing
- X-Content-Type-Options nosniff
- # Referrer policy
- Referrer-Policy strict-origin-when-cross-origin
- }
+ import snippets/SecurityHeaders
 }
+# If you have a separate domain for Ghost Admin uncomment the below block
+# {$ADMIN_DOMAIN} {
+# import snippets/Logging
+#
+# # Traffic Analytics service
+# import snippets/TrafficAnalytics
+#
+# # ActivityPub Service
+# import snippets/ActivityPub
+#
+# # Default proxy everything else to Ghost
+# handle {
+# reverse_proxy ghost:2368
+# }
+#
+# # Optional: Enable gzip compression
+# encode gzip
+#
+# # Optional: Add security headers
+# import snippets/SecurityHeaders
+# }
+
 # If you want to redirect the www variant of your domain to the non-www varient uncomment the below 4 lines
 # Note: You must have DNS setup correctly for this to work
 # www.{$DOMAIN} {
diff --git a/caddy/snippets/SecurityHeaders b/caddy/snippets/SecurityHeaders
new file mode 100644
index 0000000..7fa4bfc
--- /dev/null
+++ b/caddy/snippets/SecurityHeaders
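Review bot: The commented `{$ADMIN_DOMAIN} {` site block expands to an empty site address if it is uncommented while ADMIN_DOMAIN is left unset, because compose.yml defaults the variable to an empty string; the comment above it should say that ADMIN_DOMAIN must be set in .env before enabling the block, e.g. `# If you have a separate domain for Ghost Admin, set ADMIN_DOMAIN in .env and uncomment the below block`. The block also proxies every path to Ghost via `handle { reverse_proxy ghost:2368 }`, so the admin hostname serves the entire public site as well as the admin UI, and the Traffic Analytics and ActivityPub snippets are imported there too; if that duplication is intended, a one-line comment saying so would spare the next reader from wondering whether the admin host should be narrowed. The enclosing `{$DOMAIN}` site block begins before this hunk, and the snippets the block imports are not part of this diff.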
@@ -0,0 +1,12 @@
+header {
+ # Enable HSTS
+ Strict-Transport-Security max-age=31536000;
+ # Prevent embedding in frames
+ X-Frame-Options DENY
+ # Enable XSS protection
+ X-XSS-Protection "1; mode=block"
+ # Prevent MIME sniffing
+ X-Content-Type-Options nosniff
+ # Referrer policy
+ Referrer-Policy strict-origin-when-cross-origin
+}
diff --git a/compose.yml b/compose.yml
index 420b90e..2800956 100644
--- a/compose.yml
+++ b/compose.yml
@@ -9,6 +9,7 @@ services:
 - "443:443"
 environment:
 DOMAIN: ${DOMAIN:?DOMAIN environment variable is required}
+ ADMIN_DOMAIN: ${ADMIN_DOMAIN:-}
 ACTIVITYPUB_TARGET: ${ACTIVITYPUB_TARGET:-https://ap.ghost.org}
 volumes:
 - ./caddy:/etc/caddy
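Review bot: `X-XSS-Protection "1; mode=block"` in the new snippet turns on a legacy browser filter that current browsers no longer implement and that, in the browsers which did, was associated with cross-site information-leak problems; the usual present-day guidance is `X-XSS-Protection "0"` (or omitting the header) and relying on a Content-Security-Policy instead. The HSTS value `Strict-Transport-Security max-age=31536000;` also carries a trailing semicolon, which browsers tolerate but which reads like a leftover from a form such as `max-age=31536000; includeSubDomains`; either drop the `;` or add the directive deliberately, noting that `includeSubDomains` would then also cover the admin host whenever ADMIN_DOMAIN is a subdomain of DOMAIN. Since this snippet is now shared by both site blocks, a header comment stating that it applies to every host importing it would help whoever edits it next.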
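Review bot: Only the caddy service receives `ADMIN_DOMAIN: ${ADMIN_DOMAIN:-}` here, and nothing else in this diff passes the admin URL to Ghost itself, so as far as the hunk shows Ghost would keep generating admin links and redirects against DOMAIN even after the Caddy admin block is enabled (Ghost reads that setting from its `admin__url` configuration). If the ghost service's environment, which lies outside this hunk, already sets it, a short comment next to the new line pointing to that setting would make the pairing explicit; otherwise the ghost service needs the matching value, taking care that an empty ADMIN_DOMAIN does not produce a bare `https://`. The compose service definition this line belongs to starts before the hunk.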