diff --git a/hosts/fw/modules/ddclient.nix b/hosts/fw/modules/ddclient.nix
index 8217224..e5ea482 100644
--- a/hosts/fw/modules/ddclient.nix
+++ b/hosts/fw/modules/ddclient.nix
@@ -9,13 +9,18 @@
     passwordFile = config.sops.secrets.ddclient.path;
     zone = "cloonar.com";
     domains = [
-      "fw.cloonar.com"
-      "vpn.cloonar.com"
-      "git.cloonar.com"
-      "palworld.cloonar.com"
-      "matrix.cloonar.com"
+      "audiobooks.cloonar.com"
       "element.cloonar.com"
-      "tinder.cloonar.com"
+      "foundry-vtt.cloonar.com"
+      "foundry-ha.cloonar.com"
+      "fw.cloonar.com"
+      "git.cloonar.com"
+      "jellyfin.cloonar.com"
+      "matrix.cloonar.com"
+      "palworld.cloonar.com"
+      "support.cloonar.com"
+      "sync.cloonar.com"
+      "vpn.cloonar.com"
     ];
   };
 
diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix
index d2884e3..12ce8e1 100644
--- a/hosts/fw/modules/dnsmasq.nix
+++ b/hosts/fw/modules/dnsmasq.nix
@@ -137,6 +137,7 @@
         # multimedia
         "/dl.cloonar.com/${config.networkPrefix}.97.5"
         "/jellyfin.cloonar.com/${config.networkPrefix}.97.5"
+        "/audiobooks.cloonar.com/${config.networkPrefix}.97.5"
 
         "/deconz.cloonar.multimedia/${config.networkPrefix}.97.22"
 
diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix
index 5e62a11..5b33e43 100644
--- a/hosts/fw/modules/web/proxies.nix
+++ b/hosts/fw/modules/web/proxies.nix
@@ -57,15 +57,6 @@
     enableACME = true;
     acmeRoot = null;
 
-    # Restrict to internal LAN only
-    extraConfig = ''
-      allow ${config.networkPrefix}.96.0/24;
-      allow ${config.networkPrefix}.97.0/24;
-      allow ${config.networkPrefix}.98.0/24;
-      allow ${config.networkPrefix}.99.0/24;
-      deny all;
-    '';
-
     locations."/" = {
       proxyPass = "http://${config.networkPrefix}.97.11:8096";
       proxyWebsockets = true;
@@ -82,4 +73,25 @@
       '';
     };
   };
+
+  services.nginx.virtualHosts."audiobooks.cloonar.com" = {
+    forceSSL = true;
+    enableACME = true;
+    acmeRoot = null;
+
+    locations."/" = {
+      proxyPass = "http://${config.networkPrefix}.97.11:13378";
+      proxyWebsockets = true;
+
+      extraConfig = ''
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+
+        # Disable buffering for better streaming performance
+        proxy_buffering off;
+      '';
+    };
+  };
 }