Based on this comment: "This setup works fine when you have one domain but what if you had multiple, how would you structure it?" I'll extend the example with a second domain.
on the crowdsec-traefik security stack traefik does not use the real ip of the request in the logs if cloudflare is used as proxy before the traefik instance.
There are some workarounds for that like using plugins or set .forwardedHeaders.trustedIPs to the cloudflare CIDRs in the entrypoint.
Great video! Unfortunately you kind of made a less secure. By using the ports directive in the compose you expose the (well known Docker-)Port on your whole machine. You also enable any container to access information about your docker environment. To circumvent all of that, I would fiestly remove the ports section on the proxy and secondly create a second network that's only used for the proxy and treafik. Keep in mind that traefik needs access to the default anf the socket proxy network, though;)