diff --git a/system/modules/server/common/root/var/lib/docker-services/volumes/authelia/configuration.yml b/system/modules/server/common/root/var/lib/docker-services/volumes/authelia/configuration.yml
index a01141b5..8baa0015 100644
--- a/system/modules/server/common/root/var/lib/docker-services/volumes/authelia/configuration.yml
+++ b/system/modules/server/common/root/var/lib/docker-services/volumes/authelia/configuration.yml
@@ -73,7 +73,7 @@ access_control:
         - internal
     - domain_regex: 
         - '^(traefik|torrents|torrents-unsafe|netdata|readarr|prowlarr|sonarr|radarr|bazarr|jellyseerr|mail|kavita)\.(files|(o|r|)pi)\.home\.arhipov\.net$'
-        - '^(mail)\.u8\.lv$'
+        - '^(mail|r)\.u8\.lv$'
       policy: bypass
       networks:
         - internal
diff --git a/system/modules/server/files/docker/projects/media.docker-compose.yaml b/system/modules/server/files/docker/projects/media.docker-compose.yaml
index 2786fa5e..5f14bb9b 100644
--- a/system/modules/server/files/docker/projects/media.docker-compose.yaml
+++ b/system/modules/server/files/docker/projects/media.docker-compose.yaml
@@ -72,6 +72,14 @@ services:
     container_name: tunnel
     cap_add:
       - NET_ADMIN
+    ports:
+      # Plain-text socks5 proxy
+      - 1080:1080/tcp
+      # Plain-text HTTP Proxy
+      - 8888:8888/tcp
+      # Shadowsocks encrypted prox
+      - 8388:8388/tcp
+      - 8388:8388/udp
     environment:
       - VPN_SERVICE_PROVIDER=${WIREGUARD_SERVICE}
       - VPN_TYPE=wireguard
@@ -81,6 +89,7 @@ services:
       - SERVER_COUNTRIES=${WIREGUARD_SERVER_COUNTRIES}
       - FIREWALL_VPN_INPUT_PORTS=${WIREGUARD_INPUT_PORTS}
       - HTTPPROXY=on
+      - SHADOWSOCKS=on
     devices:
       - /dev/net/tun:/dev/net/tun
   socks5: