diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yml
index 520db49..fe32bb3 100644
--- a/authentik/docker-compose.yml
+++ b/authentik/docker-compose.yml
@@ -1,13 +1,10 @@
 version: '3.2'
 
 services:
-  server:
+  app:
     image: ghcr.io/goauthentik/server:2023.3
     restart: unless-stopped
     command: server
-    volumes:
-      - ./media:/media
-      - ./custom-templates:/templates
     env_file:
       - .env
       - .secret.env
@@ -25,11 +22,7 @@ services:
     command: worker
     user: root
     volumes:
-      - ./backups:/backups
-      - ./media:/media
-      - ./certs:/certs
       - /var/run/docker.sock:/var/run/docker.sock
-      - ./custom-templates:/templates
     env_file:
       - .env
       - .secret.env
diff --git a/caddy/config/Caddyfile b/caddy/config/Caddyfile
index 1388427..f1fddb3 100644
--- a/caddy/config/Caddyfile
+++ b/caddy/config/Caddyfile
@@ -1,5 +1,10 @@
 {
+	debug
 	email tobias@msrg.cc
+
+	servers {
+		strict_sni_host on
+	}
 }
 
 import /etc/caddy/snippets
diff --git a/caddy/config/conf.002.d/node002.pirate-jazz.ts.net.conf b/caddy/config/conf.002.d/node002.pirate-jazz.ts.net.conf
index 40ed103..334b080 100644
--- a/caddy/config/conf.002.d/node002.pirate-jazz.ts.net.conf
+++ b/caddy/config/conf.002.d/node002.pirate-jazz.ts.net.conf
@@ -1,6 +1,9 @@
 node002.pirate-jazz.ts.net {
 	import default
 
+	@denied not remote_ip private_ranges
+	abort @denied
+
 	@prometheus {
 		header X-App-Target prometheus
 	}