diff --git a/.gitignore b/.gitignore
index af68123..dee5946 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,10 @@
 traefik/acme.json
 traefik/certs/
 traefik/traefik.log
+traefik/config/old.yaml
 authelia/db.sqlite3
 authelia/notification.txt
 authelia/users_database.yml
+
+homer/
diff --git a/authelia/configuration.yml b/authelia/configuration.yml
index 5f163f5..e867cfa 100644
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -6,13 +6,12 @@ authentication_backend: file: path: /opt/authelia/users_database.yml - # {{ env.Getenv "ROOT_DOMAIN" }} session: name: authelia_session secret: {{ env.Getenv "PRIVATE_DOMAIN" }}-token-secret domain: {{ env.Getenv "PRIVATE_DOMAIN" }} expiration: 604800 - inactivity: 300 + inactivity: 172800 storage: local:
@@ -22,9 +21,10 @@ totp: issuer: {{ env.Getenv "PRIVATE_DOMAIN" }} access_control: - default_policy: two_factor + default_policy: one_factor rules: + # Allow free access from local network - domain: "*" networks: - 192.168.1.0/23
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 26495cb..a25a9f9 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
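Review bot: Git-ignoring `traefik/config/old.yaml` hides the file from version control but not from Traefik: `./traefik` is mounted at `/data` in docker-compose.yaml and traefik.yaml points the file provider at `directory: /data/config`, so a YAML file left in that directory is still loaded as live dynamic configuration. Routers or middlewares defined in an untracked file would then take effect on the host with nothing in the repository showing them. Move retired config out of the provider directory instead of ignoring it, or drop the `traefik/config/old.yaml` entry so the file is either committed or deleted.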
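Review bot: `default_policy: one_factor` turns the fallback for every domain not matched by a rule from password-plus-second-factor into password-only, and the only rule in view is the `domain: "*"` / `192.168.1.0/23` one for the LAN (its `policy:` line is outside the hunk), so the clients left under the weakened default are the remote ones. Keep `default_policy: two_factor` and grant `policy: one_factor` on an explicit `domain:` rule for the hosts that actually need it. The jump of `inactivity` from 300 to 172800 lets an idle browser session survive two days instead of five minutes, up to the `expiration: 604800` cap; if the aim is fewer logins on the LAN, the network rule already handles that case. The unchanged context line `secret: {{ env.Getenv "PRIVATE_DOMAIN" }}-token-secret` also deserves a look: the session secret is derived from the domain name, which is not secret, so it should come from its own environment variable or secret file.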
@@ -1,43 +1,52 @@
-version: "3.5" +version: "2.4" networks: web: # All containers that are router through traefik needs to be on this network - external: false - name: web + external: true volumes: authelia-config: # Used for pre-processing of authelia configuration services: - proxy: + autoheal: + container_name: autoheal + restart: always + image: willfarrell/autoheal + volumes: + - /var/run/docker.sock:/var/run/docker.sock + + traefik: container_name: traefik - image: traefik:v2.1 + image: traefik restart: always environment: - EMAIL - PRIVATE_DOMAIN - PUBLIC_DOMAIN networks: - - web + web: command: - "--configFile=/data/traefik.yaml" - ports: + ports: - 80:80 - 443:443 # Open port 8080 for debugging emergencies - # - 8080:8080 + - 8080:8080 volumes: - /var/run/docker.sock:/var/run/docker.sock - ./traefik:/data + healthcheck: + # Sometimes, traefik loses connection to authelia. The only thing that works then is a restart, handled by autoheal. + test: ["CMD", "wget", "-O", "-", "authelia:9091/api/state"] labels: traefik.enable: true traefik.http.services.traefik.loadbalancer.server.port: 8080 - traefik.http.routers.traefik.rule: Host(`traefik.${PRIVATE_DOMAIN}`) traefik.http.routers.traefik.middlewares: auth@file traefik.http.routers.traefik.tls.certResolver: le + autoheal: "true" authelia-config: # Preprocess authelia configuration through gomplate
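Review bot: Uncommenting `- 8080:8080` publishes Traefik's API and dashboard on every host interface, and traefik.yaml serves that port with `api: insecure: true`, so the `auth@file` forward-auth middleware that the `traefik` router still applies on 443 is bypassed entirely; the comment above the line calls this a debugging-emergency setting, and the same hunk removes the `traefik.http.routers.traefik.rule` label, leaving the dashboard router without an explicit host rule. Keep the line commented, or bind it locally with `- 127.0.0.1:8080:8080` if it is really needed. Dropping the tag from `image: traefik:v2.1` to `image: traefik` means the next pull takes whatever `latest` resolves to, which for the reverse proxy holding the ACME certificates lets a major upgrade land unreviewed; pin a tag you have tested. The new `healthcheck` marks Traefik unhealthy whenever `authelia:9091/api/state` is unreachable and autoheal then restarts it, so the proxy's availability is now tied to Authelia's; an `interval`/`retries` setting generous enough to ride out an Authelia restart would soften that.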
@@ -63,17 +72,37 @@ services: - ENVIRONMENT=dev - NODE_TLS_REJECT_UNAUTHORIZED=1 networks: - - web + web: + healthcheck: + test: ["CMD", "wget", "-O", "-", "127.0.0.1:9091/api/state"] labels: traefik.enable: true traefik.http.routers.authelia.rule: Host(`auth.${PRIVATE_DOMAIN}`) traefik.http.routers.authelia.tls.certResolver: le traefik.http.routers.authelia.entrypoints: websecure + autoheal: "true" + + homer: + container_name: homer + image: b4bz/homer + restart: always + volumes: + - ./homer:/www/assets + environment: + UID: 1000 + GID: 1001 + networks: + web: + labels: + traefik.enable: true + traefik.http.routers.homer.rule: Host(`${PRIVATE_DOMAIN}`) + traefik.http.routers.homer.tls.certResolver: le + traefik.http.routers.homer.entrypoints: websecure # whoami-https: # image: containous/whoami # networks: -# - web +# web: # labels: # traefik.enable: true # traefik.http.routers.wait-https.rule: Host(`wai-https.${PRIVATE_DOMAIN}`)
@@ -82,7 +111,8 @@ services: # whoami-auth: # image: containous/whoami # networks: -# - web +# web: +# macvlan: # labels: # traefik.enable: true # traefik.http.routers.wai-auth.rule: Host(`wai-auth.${PRIVATE_DOMAIN}`)
diff --git a/traefik/config/security.yaml b/traefik/config/security.yaml
index 8fca9d4..0cbc9d2 100644
--- a/traefik/config/security.yaml
+++ b/traefik/config/security.yaml
@@ -30,6 +30,9 @@ http: address: http://authelia:9091/api/verify?rd=https://auth.{{ env "PRIVATE_DOMAIN" }}/ trustForwardHeader: true authResponseHeaders: - - X-Forwarded-User + - X-Remote-User + - Remote-User + - X-Remote-Groups + - Remote-Groups tls: insecureSkipVerify: true
diff --git a/traefik/traefik.yaml b/traefik/traefik.yaml
index 709a3b9..ed32712 100644
--- a/traefik/traefik.yaml
+++ b/traefik/traefik.yaml
@@ -1,6 +1,9 @@
 api: insecure: true +serversTransport: + insecureSkipVerify: true + providers: file: directory: /data/config
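Review bot: The new `homer` service is routed at `Host(`${PRIVATE_DOMAIN}`)` with `tls.certResolver` and `entrypoints` labels but no `traefik.http.routers.homer.middlewares: auth@file`, unlike the `traefik` router earlier in this file, so the dashboard is served without Authelia forward-auth and the access-control policy in authelia/configuration.yml never applies to it. If a public landing page is intended, say so in a comment on the labels; otherwise add `traefik.http.routers.homer.middlewares: auth@file`. The `./homer:/www/assets` bind mount is writable and `homer/` is git-ignored in the same commit, so whatever links or tokens the dashboard is configured with live only on the host. The `healthcheck` added to the authelia service belongs to a definition that starts above this hunk.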
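Review bot: The identity headers now copied from Authelia's response (`Remote-User`, `Remote-Groups` and their `X-` variants) are only trustworthy to an upstream that can be reached solely through this middleware; docker-compose.yaml switches the `web` network to `external: true` in the same commit, so any other container attached to that pre-existing network can presumably reach a backend directly and supply those headers itself. Worth a comment on the list, e.g. `# Set from Authelia's response on every proxied request; backends must not be reachable except via Traefik`, and worth checking that no backend also publishes its port on the host. The unchanged `tls: insecureSkipVerify: true` below governs the connection to the auth server, which is plain `http://authelia:9091` here, so it is currently inert. The enclosing middleware definition starts above this hunk.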
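Review bot: `serversTransport.insecureSkipVerify: true` in the static configuration disables certificate verification for every HTTPS backend Traefik proxies to, not just whichever self-signed service prompted it, and it now sits beside `api: insecure: true` as a second global opt-out. If the backends use an internal CA, `serversTransport.rootCAs` listing that CA file keeps verification on; if a single service genuinely needs it skipped, scope the exception to that service with a named serversTransport in the dynamic configuration (supported on recent v2 releases — the image tag is dropped in docker-compose.yaml, so check which version actually runs). Either way, add a comment naming the backend that needs it, e.g. `# TODO: scope to <service> once its certificate is trusted`.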