diff --git a/docker-compose.test.ops.yml b/docker-compose.test.ops.yml
new file mode 100644
index 0000000000000000000000000000000000000000..69f4143bfe60f670e772a0e39b82617fe7b32dfd
--- /dev/null
+++ b/docker-compose.test.ops.yml
@@ -0,0 +1,34 @@
+version: "3.6"
+services:
+  shibauth:
+    image: testing-shibboleth
+    deploy:
+      placement:
+        constraints: [node.role == manager]
+    deploy:
+      labels:
+        # router for basic auth based access (https)
+        - "traefik.http.routers.emg-renderer.rule=Host(`shib.pdas.prism.eox.at`)"
+        - "traefik.http.routers.emg-renderer.middlewares=compress@file,cors@file"
+        - "traefik.http.routers.emg-renderer.tls=true"
+        - "traefik.http.routers.emg-renderer.tls.certresolver=default"
+        - "traefik.http.routers.emg-renderer.entrypoints=https"
+        # router for basic auth based access (http)
+        - "traefik.http.routers.emg-renderer-redirect.rule=Host(`shib.pdas.prism.eox.at`)"
+        - "traefik.http.routers.emg-renderer-redirect.middlewares=redirect@file"
+        - "traefik.http.routers.emg-renderer-redirect.entrypoints=http"
+        # general
+        - "traefik.http.services.emg-renderer.loadbalancer.sticky=false"
+        - "traefik.http.services.emg-renderer.loadbalancer.server.port=80"
+        - "traefik.docker.network=shib-extnet"
+        - "traefik.docker.lbswarm=true"
+        - "traefik.enable=true"
+      replicas: 1
+      placement:
+        constraints: [node.role == manager]
+    networks:
+      - extnet
+networks:
+  extnet:
+    name: shib-extnet
+    external: true