diff --git a/releases.opml b/releases.opml
index 5a02335..a62dd0a 100644
--- a/releases.opml
+++ b/releases.opml
@@ -16,6 +16,7 @@
     <outline text="changedetection" title="changedetection" type="rss" htmlUrl="https://github.com/dgtlmoon/changedetection.io" xmlUrl="https://github.com/dgtlmoon/changedetection.io/releases.atom" />
     <outline text="clickhouse" title="clickhouse" type="rss" htmlUrl="https://github.com/ClickHouse/ClickHouse" xmlUrl="https://github.com/ClickHouse/ClickHouse/releases.atom" />
     <outline text="container_socket_proxy" title="container_socket_proxy" type="rss" htmlUrl="https://github.com/Tecnativa/docker-socket-proxy" xmlUrl="https://github.com/Tecnativa/docker-socket-proxy/releases.atom" />
+    <outline text="docker_registry_proxy" title="docker_registry_proxy" type="rss" htmlUrl="https://gitlab.com/etke.cc/docker-registry-proxy" xmlUrl="https://gitlab.com/etke.cc/docker-registry-proxy/-/tags?format=atom" />
     <outline text="echoip" title="echoip" type="rss" htmlUrl="https://github.com/mpolden/echoip" xmlUrl="https://github.com/mpolden/echoip/releases.atom" />
     <outline text="etcd" title="etcd" type="rss" htmlUrl="https://github.com/etcd-io/etcd" xmlUrl="https://github.com/etcd-io/etcd/releases.atom" />
     <outline text="exim_relay" title="exim_relay" type="rss" htmlUrl="https://github.com/devture/exim-relay" xmlUrl="https://github.com/devture/exim-relay/releases.atom" />
diff --git a/templates/group_vars_mash_servers b/templates/group_vars_mash_servers
index f3a0a1b..2a47903 100644
--- a/templates/group_vars_mash_servers
+++ b/templates/group_vars_mash_servers
@@ -240,6 +240,11 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
     {{ ({'name': (docker_registry_identifier + '-garbage-collect.timer'), 'priority': 2500, 'groups': ['mash', 'docker-registry', 'docker-registry-gc']} if docker_registry_enabled else omit) }}
   # /role-specific:docker_registry
 
+  # role-specific:docker_registry_proxy
+  - |-
+    {{ ({'name': (docker_registry_proxy_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry-proxy']} if docker_registry_proxy_enabled else omit) }}
+  # /role-specific:docker_registry_proxy
+
   # role-specific:docker_registry_browser
   - |-
     {{ ({'name': (docker_registry_browser_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry-browser']} if docker_registry_browser_enabled else omit) }}
@@ -1535,6 +1540,46 @@ docker_registry_container_labels_traefik_tls_certResolver: "{{ devture_traefik_c
 
 
 
+# role-specific:docker_registry_proxy
+########################################################################
+#                                                                      #
+# docker-registry-proxy                                              #
+#                                                                      #
+########################################################################
+
+docker_registry_proxy_enabled: false
+
+docker_registry_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-proxy"
+
+docker_registry_proxy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-proxy"
+
+docker_registry_proxy_uid: "{{ mash_playbook_uid }}"
+docker_registry_proxy_gid: "{{ mash_playbook_gid }}"
+
+docker_registry_proxy_target_scheme: "{{ 'http' if docker_registry_enabled else '' }}"
+docker_registry_proxy_target_host: "{{ docker_registry_identifier+':5000' if docker_registry_enabled else '' }}"
+
+docker_registry_proxy_container_additional_networks: |
+  {{
+    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+  }}
+
+# role-specific:traefik
+docker_registry_proxy_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
+docker_registry_proxy_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
+docker_registry_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
+docker_registry_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+# /role-specific:traefik
+
+########################################################################
+#                                                                      #
+# /docker-registry-proxy                                             #
+#                                                                      #
+########################################################################
+# /role-specific:docker_registry_proxy
+
+
+
 # role-specific:docker_registry_browser
 ########################################################################
 #                                                                      #
diff --git a/templates/requirements.yml b/templates/requirements.yml
index a9dc2d9..da47779 100644
--- a/templates/requirements.yml
+++ b/templates/requirements.yml
@@ -64,6 +64,10 @@
   version: v1.6.1-0
   name: docker_registry_browser
   activation_prefix: docker_registry_browser_
+- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-docker-registry-proxy.git
+  version: v1.0.0-0
+  name: docker_registry_proxy
+  activation_prefix: docker_registry_proxy_
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-docker-registry-purger.git
   version: v1.0.0-0
   name: docker_registry_purger
diff --git a/templates/setup.yml b/templates/setup.yml
index 4844920..54bebab 100644
--- a/templates/setup.yml
+++ b/templates/setup.yml
@@ -134,6 +134,10 @@
     - role: galaxy/docker_registry
     # /role-specific:docker_registry
 
+    # role-specific:docker_registry_proxy
+    - role: galaxy/docker_registry_proxy
+    # /role-specific:docker_registry_proxy
+
     # role-specific:docker_registry_browser
     - role: galaxy/docker_registry_browser
     # /role-specific:docker_registry_browser