diff --git a/base.yml b/base.yml
index 5418ed4..e7c3ed5 100644
--- a/base.yml
+++ b/base.yml
@@ -56,7 +56,7 @@ services:
 resources:
 limits:
 cpus: '0.10'
- memory: '100M'
+ memory: '500M'
 restart_policy:
 condition: any
 update_config:
diff --git a/build/HAProxy/haproxy.conf b/build/HAProxy/haproxy.conf
index fd36189..e50575e 100644
--- a/build/HAProxy/haproxy.conf
+++ b/build/HAProxy/haproxy.conf
@@ -1,6 +1,4 @@
 global
- tune.ssl.default-dh-param 2048
- ssl-default-bind-options ssl-min-ver TLSv1.2
 maxconn 2048
 maxconnrate 40
 uid 65534
@@ -23,7 +21,7 @@ defaults
 timeout client 60s
 timeout server 240s
 timeout http-keep-alive 240s
- default-server resolvers dockerdns init-addr libc,none resolve-opts prevent-dup-ip
+ default-server resolvers dockerdns init-addr libc,none resolve-opts prevent-dup-ip check
 resolvers dockerdns
 nameserver docker 127.0.0.11:53
@@ -42,9 +40,6 @@ frontend https
 acl root url /
- acl public_cache res.hdr(content-type) -i -m str text/css -i -m str application/javascript -i -m beg font/
- acl private_cache res.hdr(content-type) -i -m beg image/ -i -m beg audio/ -i -m beg video/ -i -m beg text/ -i -m beg application/
-
 acl grafana hdr_beg(host) -i stats.redxen.eu
 acl git hdr_beg(host) -i git.redxen.eu
 acl transmission hdr_beg(host) -i seed.redxen.eu
@@ -58,8 +53,7 @@ frontend https
 http-response replace-header Set-Cookie (.*) \1;\ Secure
 http-response add-header X-Forwarded-Proto https
- http-response set-header Cache-Control public\ max-age=31536000 if public_cache ! private_cache
- http-response set-header Cache-Control private\ max-age=86400\ must-revalidate if private_cache
+ http-response set-header Cache-Control public\ max-age=31536000 if homepage
 http-response set-header X-XSS-Protection 1;\ mode=block
 http-response set-header X-Content-Type-Options nosniff
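Review bot: Dropping `ssl-default-bind-options ssl-min-ver TLSv1.2` from `global` leaves the minimum TLS version to whatever HAProxy and the linked SSL library default to, unless every `bind ... ssl` line sets `ssl-min-ver` itself (those lines are outside this hunk), and the commit gives no reason for removing the floor. The same applies to `tune.ssl.default-dh-param 2048`: ephemeral DH parameter size falls back to the build's default. If the intent is that TLS is now terminated in front of HAProxy, a one-line comment in `global` such as `# TLS termination and minimum version are enforced upstream of HAProxy` would record that; otherwise keep the `ssl-min-ver TLSv1.2` line. The `global` section continues past the hunk.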
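Review bot: The new `http-response set-header Cache-Control public\ max-age=31536000 if homepage` marks every response for the homepage host as publicly cacheable for a year regardless of status or content type, whereas the removed rules keyed off `res.hdr(content-type)`, and `set-header` overwrites any `Cache-Control` the S3 origin sent. A backend error page or a transient S3 response would be cached just as long, and since the Varnish change in this same commit delivers from cache only when `Cache-Control ~ "public"`, this header becomes the sole switch deciding what Varnish stores if Varnish receives these responses. Restricting it to successful responses, `http-response set-header Cache-Control public\ max-age=31536000 if homepage { status 200 }`, keeps the intent without caching failures. The `homepage` ACL is not visible in the hunk; confirm it is defined in `frontend https`.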
@@ -74,27 +68,27 @@ frontend https
 use_backend fedi if fediver
 backend homepage
- server-template redxen-space 3 rxhome.s3-website.eu-central-1.amazonaws.com:80
+ server-template redxen-space 3 rxhome.s3-website.eu-central-1.amazonaws.com:80 no-check
 http-request set-header Host rxhome.s3-website.eu-central-1.amazonaws.com
 http-request set-header Connection \"\"
 backend grafana
- server-template grafana-docker 5 tasks.tig_grafana:3000 check
+ server-template grafana-docker 5 tasks.tig_grafana:3000
 option httpchk HEAD / HTTP/1.1\r\nHost:\ stats.redxen.eu
 http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
 backend fedi
- server pleroma-docker tasks.pleroma_server:4000 check
+ server pleroma-docker tasks.pleroma_server:4000
 option httpchk HEAD / HTTP/1.1\r\nHost:\ social.redxen.eu
 backend git
- server git-docker tasks.git_gitea:3000 check
+ server git-docker tasks.git_gitea:3000
 option httpchk HEAD / HTTP/1.1\r\nHost:\ git.redxen.eu
 http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ https:\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
 backend transmission
- server transmission-docker tasks.seedbox_transmission:9091 check
+ server transmission-docker tasks.seedbox_transmission:9091
 http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
 backend seedown
- server httpd-seedown tasks.seedbox_httpd:80 check
+ server httpd-seedown tasks.seedbox_httpd:80
diff --git a/build/Varnish/varnish.vcl b/build/Varnish/varnish.vcl
index 307d057..0347291 100644
--- a/build/Varnish/varnish.vcl
+++ b/build/Varnish/varnish.vcl
@@ -23,10 +23,17 @@ sub vcl_recv {
 if (req.http.Upgrade ~ "(?i)websocket") {
 return (pipe);
 }
- if (req.method != "GET" && req.method != "HEAD") {
- return (pass);
+ if (req.method == "GET" || req.method == "HEAD") {
+ return (hash);
 }
- return (hash);
+ return (pass);
+}
+sub vcl_hash {
+ hash_data(req.url);
+ if (req.http.cookie) {
+ hash_data(req.http.cookie);
+ }
+ return (lookup);
 }
 sub vcl_hit {
 if (obj.ttl + obj.grace > 0s) {
@@ -34,23 +41,21 @@ sub vcl_hit {
 }
 return (pass);
 }
+sub vcl_miss {
+ return (fetch);
+}
 sub vcl_pipe {
 if (req.http.upgrade) {
 set bereq.http.upgrade = req.http.upgrade;
 }
 return (pipe);
 }
-sub vcl_hash {
- hash_data(req.url);
- if (req.http.Cookie) {
- hash_data(req.http.Cookie);
- }
-}
 sub vcl_backend_response {
- set beresp.grace = 1m;
- set beresp.keep = 4m;
- if (beresp.http.ETag || beresp.http.Last-Modified) {
- set beresp.keep = 4h;
+ if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
+ return (abandon);
 }
- return (deliver);
+ if (beresp.http.Cache-Control ~ "public") {
+ return (deliver);
+ }
+ return (pass);
 }
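Review bot: Removing `check` from the `server` lines of grafana, fedi, git, transmission and seedown makes their health checks depend entirely on the `default-server ... check` added to `defaults` in the earlier hunk of this file, and nothing in the backends says so. A later `defaults` section or a backend-level `default-server` without `check` would silently disable checks for every server below it, which is easy to miss in review. A one-line comment at the first backend, `# health checks are inherited from 'default-server ... check' in defaults; use no-check to opt out`, would make the dependency visible and mirror the explicit `no-check` already used on the S3 `server-template`. The `frontend https` section that precedes `backend homepage` starts outside the hunk.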
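Review bot: The new `vcl_hash` hashes only `req.url` and the request cookie and then returns `lookup`, so the built-in `vcl_hash` no longer runs and `req.http.host` is not part of the cache key, if I read Varnish's built-in VCL right. With several hostnames routed through this setup (the HAProxy ACLs in this commit match `stats.`, `git.` and `seed.redxen.eu`), `/` fetched for one host can be served from cache for another, which is a cross-site content leak as well as a correctness bug; the removed `vcl_hash` had no explicit `return`, so the built-in one still appended the host. Add `hash_data(req.http.host);` directly after `hash_data(req.url);`, or drop the `return (lookup);` so the built-in hash is appended. `vcl_recv` begins outside the hunk.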
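Review bot: The rewritten `vcl_backend_response` returns `deliver` for any response whose `Cache-Control` contains `public` and returns explicitly on every path, so the built-in `vcl_backend_response`, which normally marks responses carrying `Set-Cookie` as uncacheable, never runs. Combined with the HAProxy change in this commit that stamps `Cache-Control: public` on every homepage response, a response that sets a session cookie for a cookie-less visitor would be stored under the cookie-less key and handed, cookie and all, to the next visitor. Guard it before the `public` check: `if (beresp.http.Set-Cookie) { set beresp.uncacheable = true; return (deliver); }`. Separately, a bare `return (pass)` in `vcl_backend_response` may need a duration argument on recent Varnish releases (`return (pass(120s))`), so confirm the VCL compiles on the deployed version. `vcl_hit` at the top of the hunk starts outside it.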