diff --git a/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix b/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
index a40f40f..539c310 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/authelia/default.nix
@@ -149,8 +149,8 @@ in
 labels = [
 "traefik.enable=true"
 "traefik.http.routers.authelia.rule=Host(`id.karaolidis.com`)"
- "traefik.http.routers.authelia.entryPoints=https"
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
+ "traefik.http.routers.authelia.tls.certresolver=letsencrypt"
+ "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
 "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth"
 "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Email,Remote-Name"
diff --git a/hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix b/hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix
index 5db6f41..7f70535 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix
@@ -130,7 +130,6 @@ in
 labels = [
 "traefik.enable=true"
 "traefik.http.routers.ntfy.rule=Host(`ntfy.karaolidis.com`)"
- "traefik.http.routers.ntfy.entrypoints=websecure"
 "traefik.http.routers.ntfy.tls.certresolver=letsencrypt"
 ];
 };
diff --git a/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix b/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
index 4510fa5..fec3472 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
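Review bot: `forwardAuth.trustForwardHeader=true` makes Traefik pass the `X-Forwarded-Host`/`-Proto`/`-Uri`/`-For` values that arrived on the request straight to Authelia, and Authelia derives the original URL and client address — and therefore which access-control rule applies — from those headers, so this label is only safe if the entrypoint first discards forwarded headers supplied by untrusted peers. In this same commit both entrypoints keep `--entrypoints.*.forwardedHeaders.insecure=true`, which accepts them from anyone, so a client reaching port 443 directly could likely spoof the host or source network Authelia evaluates. Either replace that with `--entryPoints.websecure.forwardedHeaders.trustedIPs=<upstream proxy ranges>` (or drop `insecure=true` entirely if nothing sits in front of Traefik), or drop this label so Traefik's own computed headers are used. A comment above the label would also record the dependency: `# Only safe while the Traefik entrypoint strips untrusted X-Forwarded-*; see forwardedHeaders in traefik/default.nix`. The `labels` list continues past the end of the hunk.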
@@ -14,10 +14,16 @@ let
 inherit (hmConfig.virtualisation.quadlet) networks volumes containers;
 in
 {
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
+ networking.firewall = {
+ allowedTCPPorts = [
+ 80
+ 443
+ ];
+ allowedUDPPorts = [
+ 80
+ 443
+ ];
+ };
 home-manager.users.${user} = {
 sops = {
@@ -54,19 +60,21 @@ in
 "--entryPoints.web.address=:80"
 "--entrypoints.web.http.redirections.entryPoint.to=websecure"
 "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+ "--entryPoints.web.http3"
 "--entrypoints.web.forwardedHeaders.insecure=true"
 "--entryPoints.websecure.address=:443"
+ "--entryPoints.websecure.asDefault=true"
 "--entrypoints.websecure.http.tls=true"
+ "--entrypoints.websecure.http.tls.certResolver=letsencrypt"
 "--entrypoints.websecure.http.tls.domains[0].main=karaolidis.com"
 "--entrypoints.websecure.http.tls.domains[0].sans=*.karaolidis.com"
 "--entrypoints.websecure.http.tls.domains[1].main=krlds.com"
 "--entrypoints.websecure.http.tls.domains[1].sans=*.krlds.com"
+ "--entrypoints.websecure.http.middlewares=compress@docker"
+ "--entryPoints.websecure.http3"
 "--entrypoints.websecure.forwardedHeaders.insecure=true"
- # TODO: Middlewares: Compress, Headers
- # TODO: HTTP3
-
 "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
 "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
 "--certificatesresolvers.letsencrypt.acme.email=nick@karaolidis.com"
@@ -75,10 +83,12 @@ in
 labels = [
 "traefik.enable=true"
 "traefik.http.routers.traefik.rule=Host(`proxy.karaolidis.com`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
 "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
 "traefik.http.routers.traefik.service: 'api@internal'"
 "traefik.http.routers.traefik.middlewares: 'authelia@docker'"
+
+ "traefik.http.middlewares.compress.compress=true"
+ # TODO: Middlewares: Headers
 ];
 environmentFiles = [ hmConfig.sops.templates."traefik.env".path ];
 };
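Review bot: Adding `80` to `allowedUDPPorts` opens a port that nothing useful can answer on: HTTP/3 runs only over QUIC with TLS, and the `web` entrypoint on :80 carries no TLS and exists only to redirect to HTTPS (`--entrypoints.web.http.redirections.*` in the next hunk), so the companion `--entryPoints.web.http3` flag cannot serve clients there. Keep `allowedUDPPorts = [ 443 ];` and drop the `web` http3 flag; even if Traefik turns out to accept the flag silently, leaving UDP/80 open is exposure with no benefit. A one-line comment, `# UDP 443 only: HTTP/3 (QUIC) is TLS-only and is served by the websecure entrypoint`, would keep the pairing from being reintroduced.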
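Review bot: `--entrypoints.websecure.http.middlewares=compress@docker` applies response compression to every router on the TLS entrypoint, including Authelia's, and compressing a TLS response that mixes a per-user secret (session or CSRF token) with attacker-reflected input is the precondition for BREACH-style compression oracles. For a single-user host that is often an accepted trade-off, but it should be deliberate: either keep it and say so in a comment, `# Compresses every websecure response; BREACH caveat accepted for these services`, or narrow it by attaching the middleware per router (or via `excludedContentTypes` on the middleware) instead of entrypoint-wide. Note also that the middleware this line references is only defined by labels on the dashboard container in the next hunk, so the entrypoint now depends on that container being present.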
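Review bot: `traefik.http.middlewares.compress.compress=true` defines the middleware on the dashboard container's labels, yet the entrypoint-level `--entrypoints.websecure.http.middlewares=compress@docker` makes every websecure router depend on it, so disabling or renaming this container would, as far as I can tell, leave every route with an unresolvable middleware chain rather than just losing the dashboard. If that coupling is intentional, a comment next to the label would prevent the surprise: `# Referenced by every websecure router via the entrypoint middleware list; removing it breaks all routes, not just the dashboard`. Otherwise the definition belongs in a file-provider dynamic config that is not tied to a container's lifecycle. The container definition these labels belong to starts above the hunk.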
diff --git a/hosts/jupiter/users/storm/configs/console/podman/whoami/default.nix b/hosts/jupiter/users/storm/configs/console/podman/whoami/default.nix
index b622a15..3a183ac 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/whoami/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/whoami/default.nix
@@ -26,7 +26,6 @@ in
 labels = [
 "traefik.enable=true"
 "traefik.http.routers.whoami.rule=Host(`whoami.karaolidis.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
 "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
 ];
 };