diff --git a/bxl/system.docker-compose.yaml b/bxl/system.docker-compose.yaml
index 8660d9c..f74c70c 100644
--- a/bxl/system.docker-compose.yaml
+++ b/bxl/system.docker-compose.yaml
@@ -8,21 +8,28 @@ services:
     - "--providers.docker=true"
     - "--providers.docker.exposedbydefault=false"
     - "--providers.docker.network=external"
-    - "--entrypoints.web.address=:80"
-    - "--entrypoints.websecure.address=:443"
-    - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
-    - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
-    - "--entrypoints.web.http.redirections.entryPoint.permanent=true"
+    - "--entrypoints.internal.address=:80"
+    - "--entrypoints.internalsecure.address=:443"
+    - "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
+    - "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
+    - "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
     - "--certificatesresolvers.http.acme.httpchallenge=true"
-    - "--certificatesresolvers.http.acme.httpchallenge.entrypoint=web"
+    - "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
     - "--certificatesresolvers.http.acme.email=acme@bhasher.com"
     - "--certificatesresolvers.http.acme.storage=acme.json"
+    - "--entrypoints.external.address=:81"
+    - "--entrypoints.externalsecure.address=:444"
+    - "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
+    - "--entrypoints.external.http.redirections.entryPoint.scheme=https"
+    - "--entrypoints.external.http.redirections.entryPoint.permanent=true"
     environment:
     - TZ=Europe/Paris
     restart: always
     ports:
     - "80:80"
     - "443:443"
+    - "81:81"
+    - "444:444"
     volumes:
     - /var/run/docker.sock:/var/run/docker.sock:ro
     - type: bind
@@ -31,48 +38,24 @@ services:
     networks:
     - external
 
-  portainer:
-    container_name: portainer
+  portainerce:
+    container_name: portainerce
     image: portainer/portainer-ce:latest
     restart: on-failure
     labels:
     - "traefik.enable=true"
     - "traefik.http.routers.portainer.rule=Host(`portainer.nas.bhasher.com`)"
-    - "traefik.http.routers.portainer.entrypoints=websecure"
+    - "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
     - "traefik.http.services.portainer.loadbalancer.server.port=9000"
     - "traefik.http.routers.portainer.tls=true"
     - "traefik.http.routers.portainer.tls.certresolver=http"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
-      - /home/debian/containers/portainer:/data
+      - /mnt/Main/containers/portainer:/data
     networks:
     - external
 
 
-  wireguard:
-    container_name: wireguard
-    image: lscr.io/linuxserver/wireguard:latest
-    volumes:
-    - /mnt/Main/containers/wireguard/config:/config
-    - /lib/modules:/lib/modules
-    ports:
-    - 51820:51820/udp
-    environment:
-    TZ: Europe/Paris
-    SERVERURL: vpn.bhasher.com
-    SERVERPORT: 51820
-    PEERS: 5
-    PEERDNS: auto
-    INTERNAL_SUBNET: 10.13.13.0
-    ALLOWEDIPS: 0.0.0.0/0
-    cap_add:
-    - NET_ADMIN
-    - SYS_MODULE
-    sysctls:
-    - net.ipv4.conf.all.src_valid_mark=1
-    restart: always
-
-
 networks:
   external:
     name: external
diff --git a/bxl/system.sh b/bxl/system.sh
new file mode 100644
index 0000000..fe19273
--- /dev/null
+++ b/bxl/system.sh
@@ -0,0 +1 @@
+docker-compose -p system -f system.docker-compose.yaml up -d
\ No newline at end of file