diff --git a/playbooks/roles/caddy/templates/Caddyfile.j2 b/playbooks/roles/caddy/templates/Caddyfile.j2
index f09a3c2..882ef0f 100644
--- a/playbooks/roles/caddy/templates/Caddyfile.j2
+++ b/playbooks/roles/caddy/templates/Caddyfile.j2
@@ -1,14 +1,21 @@
 {
 	email {{ admin_email }}
 
+    metrics
+
 	servers {
-		metrics
 		strict_sni_host on
 	}
 }
 
 import /etc/caddy/snippets
 
+http://{{ host_vpn.domain }} {
+    import vpn_only
+
+    metrics
+}
+
 *.serguzim.me {
 	import acmedns
 
diff --git a/playbooks/roles/caddy/vars/main.yml b/playbooks/roles/caddy/vars/main.yml
index 2f56a07..573c0e9 100644
--- a/playbooks/roles/caddy/vars/main.yml
+++ b/playbooks/roles/caddy/vars/main.yml
@@ -4,13 +4,10 @@ caddy_acmedns_pass: "{{ vault_caddy.acmedns.pass }}"
 caddy_acmedns_subd: "{{ vault_caddy.acmedns.subd }}"
 caddy_acmedns_url: "https://{{ acme_dns.host }}"
 
-caddy_ports_default:
-  - "{{ host_vpn.ip }}:2019:2019"
-caddy_ports_extra: "{{ host_services | services_get_attr('ports') | flatten | services_ports_to_docker('reverse_proxy') }}"
-caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}"
+caddy_ports: "{{ host_services | services_get_attr('ports') | flatten | services_ports_to_docker('reverse_proxy') }}"
 
 caddy_env:
-  CADDY_ADMIN: 0.0.0.0:2019
+  CADDY_ADMIN: unix//run/caddy-admin.sock
 
   ACMEDNS_USER: "{{ caddy_acmedns_user }}"
   ACMEDNS_PASS: "{{ caddy_acmedns_pass }}"
diff --git a/playbooks/roles/lgtm_stack/templates/config.alloy.j2 b/playbooks/roles/lgtm_stack/templates/config.alloy.j2
index 950059e..d82a415 100644
--- a/playbooks/roles/lgtm_stack/templates/config.alloy.j2
+++ b/playbooks/roles/lgtm_stack/templates/config.alloy.j2
@@ -39,7 +39,7 @@ prometheus.scrape "node_exporter" {
 prometheus.scrape "caddy" {
     targets = [
 {% for host_data in opentofu.hosts.values() %}
-        {"__address__" = "{{ host_data.fqdn_vpn }}:2019", "instance" = "{{ host_data.hostname }}"},
+        {"__address__" = "{{ host_data.fqdn_vpn }}", "instance" = "{{ host_data.hostname }}"},
 {% endfor %}
     ]
     forward_to = [prometheus.remote_write.mimir.receiver]
diff --git a/services.auto.tfvars b/services.auto.tfvars
index 5861848..0388654 100644
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@@ -93,7 +93,6 @@ services = {
         protocol = "udp"
         type = "reverse_proxy"
       },
-      #"2019:2019",
     ]
     auth = false
     database = false