diff --git a/bxl-swarm/pihole.stack.yaml b/bxl-swarm/pihole.stack.yaml
index 2cd3735..e9936ac 100644
--- a/bxl-swarm/pihole.stack.yaml
+++ b/bxl-swarm/pihole.stack.yaml
@@ -2,38 +2,41 @@ version: '3.7'
 services:
   pihole:
     image: cbcrowe/pihole-unbound:latest
+    ports:
+    - 53:53/tcp
+    - 53:53/udp
+    - 45677:80
+    environment:
+    - TZ=Europe/Paris
+    - WEBPASSWORD=z9w1r0FvKKvuLdXIygDlhidUhinERhOKZTBJtOXCMaFLi1dZvh0f2vsy9miDqsFu
+    - WEBTHEME=default-dark
+    - REV_SERVER=false
+    - PIHOLE_DNS_=127.0.0.1#5335
+    - DNSSEC=true
+    - DNSMASQ_LISTENING=all
+    - FTLCONF_REPLY_ADDR4=192.168.1.220
+    - FTLCONF_RATE_LIMIT=0/0
+    - FTL_CMD=debug
+    - DNSMASQ_USER=root
+    volumes:
+    - /mnt/nfs/pihole/config:/etc/pihole
+    - /mnt/nfs/pihole/dnsmasq.d:/etc/dnsmasq.d    
+    networks:
+    - external
     deploy:
       mode: replicated
       replicas: 1
       restart_policy:
         condition: any
         max_attempts: 3
-    ports:
-    - mode: host
-      protocol: tcp
-      published: 53
-      target: 53
-    - mode: host
-      protocol: udp
-      published: 53
-      target: 53
-    - mode: host
-      protocol: tcp
-      published: 80
-      target: 80
-    environment:
-      TZ: 'Europe/Paris'
-      WEBPASSWORD: 'z9w1r0FvKKvuLdXIygDlhidUhinERhOKZTBJtOXCMaFLi1dZvh0f2vsy9miDqsFu'
-      WEBTHEME: 'default-dark'
-      REV_SERVER: 'false'
-      PIHOLE_DNS_: '127.0.0.1#5335'
-      DNSSEC: 'true'
-      DNSMASQ_LISTENING: 'all'
-      FTLCONF_REPLY_ADDR4: '192.168.1.220'
-      FTLCONF_RATE_LIMIT: '0/0'
-      FTL_CMD: 'debug'
-    volumes:
-    - '/mnt/nfs/pihole/config:/etc/pihole'
-    - '/mnt/nfs/pihole/dnsmasq.d:/etc/dnsmasq.d'    
-    # - '/tmp/config:/etc/pihole'
-    # - '/tmp/dnsmasq.d:/etc/dnsmasq.d'    
+      labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.pihole.rule=Host(`pihole.bxl.bhasher.com`)"
+      - "traefik.http.routers.pihole.entrypoints=internalsecure"
+      - "traefik.http.services.pihole.loadbalancer.server.port=80"
+      - "traefik.http.routers.pihole.tls=true"
+      - "traefik.http.routers.pihole.tls.certresolver=http"
+
+networks:
+  external:
+    external: true
diff --git a/bxl-swarm/system.stack.yaml b/bxl-swarm/system.stack.yaml
index 40eb044..9a27f58 100644
--- a/bxl-swarm/system.stack.yaml
+++ b/bxl-swarm/system.stack.yaml
@@ -23,7 +23,7 @@ services:
     - "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
     - "--entrypoints.external.http.redirections.entryPoint.scheme=https"
     - "--entrypoints.external.http.redirections.entryPoint.permanent=true"
-    #- "--log.level=DEBUG"
+    - "--log.level=DEBUG"
     environment:
     - TZ=Europe/Paris
     ports: