diff --git a/homelab/Caddyfile b/homelab/Caddyfile index 1609eca..9962c32 100644 --- a/homelab/Caddyfile +++ b/homelab/Caddyfile @@ -47,14 +47,16 @@ sweetums.woozle.org { import restricted-access reverse_proxy host.docker.internal:5880 } - - file_server /public/* { - root /srv/ext/storage/public + handle_path /public/* { + file_server { + root /srv/ext/storage/public + } } - - import restricted-access - file_server { - root /www + handle { + import restricted-access + file_server { + root /www + } } } diff --git a/homelab/deploy.sh b/homelab/deploy.sh index f42b263..d329a08 100755 --- a/homelab/deploy.sh +++ b/homelab/deploy.sh @@ -1,5 +1,10 @@ #! /bin/sh +caddy_hash () { + echo -n "$1 " + echo "$2" | docker run --rm -i caddy caddy hash-password +} + stack=$(basename $(pwd)) docker stack deploy -c docker-compose.yaml --prune $stack diff --git a/homelab/docker-compose.yaml b/homelab/docker-compose.yaml index 3295a13..e8d35f7 100644 --- a/homelab/docker-compose.yaml +++ b/homelab/docker-compose.yaml @@ -141,10 +141,10 @@ configs: name: dave.yaml-v3 Caddyfile: file: Caddyfile - name: Caddyfile-v17 + name: Caddyfile-v18 index.html: file: index.html - name: index.html-v8 + name: index.html-v9 secrets: caddy-users: diff --git a/homelab/index.html b/homelab/index.html index d8dbe0a..00aab32 100644 --- a/homelab/index.html +++ b/homelab/index.html @@ -19,7 +19,7 @@ diff --git a/melville/Caddyfile b/melville/Caddyfile new file mode 100644 index 0000000..152f358 --- /dev/null +++ b/melville/Caddyfile @@ -0,0 +1,21 @@ +{ + email neale@woozle.org +} + +vail.woozle.org { + reverse_proxy vail:8080 +} + +www.woozle.org, woozle.org { + root * /srv/www/woozle.org + file_server + + handle_errors { + @404 { + expression {http.error.status_code} == 404 + } + rewrite @404 /404.html + file_server + } +} + diff --git a/deploy.sh b/melville/deploy.sh similarity index 100% rename from deploy.sh rename to melville/deploy.sh 
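Review bot: The new `handle_path /public/*` block has no `import restricted-access`, while the fallback `handle` does, so everything under /srv/ext/storage/public sits outside whatever that snippet enforces, and nothing in the file says this is intended. I would add a comment above the block, e.g. `# /public is deliberately served without restricted-access`, so a later edit does not place private files under that root by accident. The snippet and the start of the sweetums.woozle.org site block are outside the hunk, so I cannot tell whether the old top-level import also covered /public. If that directory can ever hold dotfiles, a `hide` line inside its `file_server` block would keep them from being served.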
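Review bot: `caddy_hash` pipes the password through `echo "$2"`, and under `#! /bin/sh` the builtin echo may expand backslash sequences (dash does) or take a value such as `-n` as an option, so the hash can be computed over a different string than the one supplied; `echo -n` is also not portable in POSIX sh. `printf '%s ' "$1"` and `printf '%s\n' "$2" | docker run --rm -i caddy caddy hash-password` avoid both. The function is not called anywhere in the hunk, so the plaintext presumably arrives as an argument; a short usage comment on how to invoke it without leaving the password in shell history would help.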
diff --git a/melville/docker-compose.yaml b/melville/docker-compose.yaml index fefaf05..155d717 100644 --- a/melville/docker-compose.yaml +++ b/melville/docker-compose.yaml @@ -1,20 +1,7 @@ version: "3.8" services: - traefik: - image: traefik - environment: - TRAEFIK_API: "true" - TRAEFIK_API_INSECURE: "true" - TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: :80 - TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure - TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https - TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: :443 - TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt - TRAEFIK_CERTIFICATESRESOLVERS_LETSENCYRPT_ACME_EMAIL: neale@woozle.org - TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: /acme.json - TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web - TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true" - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false" + caddy: + image: caddy ports: - target: 80 published: 80 
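Review bot: `image: caddy` carries no tag, so a deploy can resolve to whatever `latest` points to at that moment for the service that terminates TLS on ports 80 and 443. Pinning it, e.g. `image: caddy:<pinned-version>` or a digest, turns upgrades into a reviewed change. The same applies to the mutable `ghcr.io/nealey/vail:main` tag in the next hunk. The `caddy` service definition continues past the end of this hunk.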
@@ -22,53 +9,22 @@ services: - target: 443 published: 443 mode: host - - target: 8080 - published: 8080 volumes: - type: bind - source: /var/run/docker.sock - target: /var/run/docker.sock - read_only: true + source: /srv/caddy + target: /data/caddy - type: bind - source: /srv/traefik/acme.json - target: /acme.json - secrets: - - htaccess - deploy: - labels: - traefik.enable: "true" - traefik.http.routers.dashboard.rule: "Host(`melville.woozle.org`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" - traefik.http.routers.dashboard.tls.certresolver: letsencrypt - traefik.http.routers.dashboard.middlewares: auth - traefik.http.routers.dashboard.service: api@internal - traefik.http.middlewares.auth.basicauth.usersfile: /run/secrets/htaccess - traefik.http.services.traefik.loadbalancer.server.port: "1" + source: /srv/www + target: /srv/www + read_only: true + configs: + - source: Caddyfile + target: /etc/caddy/Caddyfile vail: - image: ghcr.io/nealey/vail:master - deploy: - labels: - traefik.enable: "true" - traefik.http.routers.vail.rule: "PathPrefix(`/vail`) || Host(`vail.woozle.org`)" - traefik.http.services.vail.loadbalancer.server.port: "8080" + image: ghcr.io/nealey/vail:main - chat: - image: ghcr.io/dirtbags/microchat - command: - - --redis=redis:6379 - - --noauth - deploy: - labels: - traefik.enable: "true" - traefik.http.routers.chat.rule: "Host(`melville.woozle.org`) && PathPrefix(`/chat`)" - traefik.http.routers.chat.middlewares: chat-prefix - traefik.http.middlewares.chat-prefix.stripprefix.prefixes: "/chat" - traefik.http.services.chat.loadbalancer.server.port: "8080" - redis: - image: redis - - -secrets: - htaccess: - file: htaccess - name: htaccess-v1 +configs: + Caddyfile: + file: Caddyfile + name: Caddyfile-v5 diff --git a/melville/htaccess b/melville/htaccess deleted file mode 100644 index af49f59..0000000 --- a/melville/htaccess +++ /dev/null @@ -1 +0,0 @@ -user:$apr1$tIOiVTs2$vDOzHYgsomLL5aCvAinUs1
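Review bot: The bind mount of `/srv/caddy` onto `/data/caddy` is where Caddy keeps its ACME account key and certificate private keys, and nothing in the file records that. A comment on the volume such as `# TLS private keys and ACME account live here; keep /srv/caddy readable by root only` would document it. Host permissions are not visible in this diff, so they should be confirmed on the node. Separately, the `htaccess` secret removed in this hunk pointed at a committed `$apr1$` hash that stays in repository history after the file is deleted, so the password behind it is best treated as exposed if it is used anywhere else.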