diff --git a/authelia/configuration.yml b/authelia/configuration.yml
index 7f0655d..189d9b7 100644
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -137,8 +137,12 @@ identity_providers:
 - id: wikijs
 description: WikiJS
 secret: 'mT#!fwRZ3$pE5g2rG4CCNKLkg4zg7&3L92e9LGemfYMbr92gPos&Js*4DU#&^*EUJ#PrP*y#W$W7^i2#zqJPhiK$3$z9uDNXYA$h9Urcuo8!Ggcq^#C6dow^s*VxV&WU'
+ public: false
+ authorization_policy: two_factor
+ audience: []
 redirect_uris:
- - https://wiki.pukeko.xyz/login/2075d75c-0a5f-4949-bc42-2114036b97b3/callback
+ - https://wiki.pukeko.xyz/login/a8755bfb-8a4e-49b7-b31b-43ac5638367a/callback
+ userinfo_signing_algorithm: none
 scopes:
 - openid
 - email
@@ -151,8 +155,6 @@ identity_providers:
 - code
 response_modes:
 - form_post
- - query
- - fragment
 - id: grafana
 description: Grafana
 secret: '8Jx#U^%NXEvD#jc@A35wH!6PT8^DYo7pXftCKe3P%C%*xN9FQn26ec^kTxkuhA*9fZx@7*P65Y*L2Ty#Z*7n*f3#^$R!8TSuQ3THW*t#seL#iE7MatYEowb$GvU!8Y!5'
diff --git a/docker-compose.yml b/docker-compose.yml
index c304887..3c6b39f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,6 +5,7 @@ services:
 traefik:
 image: "traefik:v2.6"
 container_name: "traefik"
+ privileged: true
 command:
 - "--log.level=DEBUG"
 - "--api.insecure=true"
@@ -19,6 +20,10 @@ services:
 - "--certificatesresolvers.pukekoresolver.acme.email=matanhorovitz@protonmail.com"
 - "--certificatesresolvers.pukekoresolver.acme.storage=/letsencrypt/acme.json"
 - "--certificatesresolvers.pukekoresolver.acme.dnschallenge.resolvers=1.1.1.1:53"
+# Proxy to local Cockpit server
+# - "--providers.file=true"
+# - "--providers.file.directory=./config/cockpit.yml"
+# - "--providers.file.watch=true"
 ports:
 - "80:80"
 - "443:443"
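Review bot: The wikijs client edited in this hunk (authelia/configuration.yml, @@ -137,8) keeps its `secret:` as a plaintext literal in a tracked file, and the same holds for the grafana `secret:` in the @@ -151,8 hunk and for `CF_DNS_API_TOKEN=` in the docker-compose.yml @@ -28,8 hunk. Anyone who can read the repository or its history can present these client credentials or use whatever DNS permissions the token carries, so all three values should be treated as exposed and rotated. For the OIDC clients, keep only a digest in the configuration if the deployed Authelia release supports hashed client secrets; for the token, load it from a Docker secret or an untracked env file, the way the compose file already passes the issuer key through `/run/secrets/private_key`. The client list continues outside both hunks, so other clients may need the same treatment.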
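Review bot: `privileged: true` on the traefik service (docker-compose.yml, @@ -5,6) gives the internet-facing proxy every capability and host device and turns off seccomp, AppArmor and SELinux confinement for it, so a flaw in the proxy is no longer contained by the container. The context lines of the same hunk show `--api.insecure=true`, which serves the dashboard and API without authentication and makes that combination worse. If the flag was added to get past SELinux denials on the Docker socket (the `:z` suffixes added later in this commit suggest so), drop it and scope the exception with `security_opt: ["label=disable"]` on this one service, or put a socket proxy limited to the read-only endpoints in front of the Docker API. The traefik service definition continues beyond this hunk.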
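Review bot: The commented-out file-provider block (docker-compose.yml, @@ -19,6) would not work as written once uncommented: `--providers.file.directory` is given a file path, and `./config/cockpit.yml` is relative to the container's working directory with no matching volume visible in this diff. Either record the intended form, for example `# - "--providers.file.filename=/config/cockpit.yml"` together with the bind mount it needs, or leave the disabled lines out of the commit. The `command:` list starts before this hunk.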
@@ -28,8 +33,8 @@ services:
 - CF_API_EMAIL=matanhorovitz@protonmail.com
 - CF_DNS_API_TOKEN=0dFNYA8qtzVhVtGi4nEb7_aclTOdGthYm5Q7N05n
 volumes:
- - "./letsencrypt:/letsencrypt"
- - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "./letsencrypt:/letsencrypt:z"
+ - "/var/run/docker.sock:/var/run/docker.sock:z"
 networks:
 - network
 - internal
@@ -44,6 +49,7 @@ services:
 - jekyll_network
 - jellyfin_network
 - joplin_network
+ - paperless-ngx_network
 - photoprism_network
 - podgrab_network
 - portainer_network
@@ -51,7 +57,6 @@ services:
 - qbittorrent_network
 - syncthing_network
 - wikijs_network
- - wireguard_network
 restart: unless-stopped
 labels:
 - "traefik.enable=true"
@@ -67,7 +72,7 @@ services:
 image: b4bz/homer
 container_name: homer
 volumes:
- - ./homer/:/www/assets
+ - ./homer/:/www/assets:z
 ports:
 - 4957:8080
 environment:
@@ -90,7 +95,7 @@ services:
 - TZ=Asia/Jerusalem
 - AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE=/run/secrets/private_key
 volumes:
- - ./authelia:/config
+ - ./authelia:/config:z
 restart: unless-stopped
 secrets:
 - hmac
@@ -140,6 +145,8 @@ networks:
 external: true
 joplin_network:
 external: true
+ paperless-ngx_network:
+ external: true
 photoprism_network:
 external: true
 podgrab_network:
@@ -154,8 +161,6 @@ networks:
 external: true
 wikijs_network:
 external: true
- wireguard_network:
- external: true
 qbittorrent_network:
 external: true
 syncthing_network:
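Review bot: The Docker socket mount (docker-compose.yml, @@ -28,8) changes from `:ro` to `:z`, which asks the engine to relabel the host's `/var/run/docker.sock` with a shared container label and drops the stated read-only intent. Relabelling a host system socket loosens it for every SELinux-confined container that gets it mounted, and together with `privileged: true` from the @@ -5,6 hunk the proxy ends up with unrestricted use of the Docker API. Prefer leaving the socket's label alone and keeping `- "/var/run/docker.sock:/var/run/docker.sock:ro"`, with a per-service `security_opt: ["label=disable"]` or a socket proxy if SELinux blocks access. For directories used by a single container that hold key material (`./letsencrypt` here, `./authelia` in the @@ -90,7 hunk), the private label `:Z` is a tighter fit than the shared `:z`.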