diff --git a/services/mqtt/mosquitto.conf b/services/mqtt/mosquitto.conf
diff --git a/services/mqtt/remove.sh b/services/mqtt/remove.sh
@@ -0,0 +1 @@
+docker-compose rm
diff --git a/services/mqtt/setup.sh b/services/mqtt/setup.sh
diff --git a/services/mqtt/start.sh b/services/mqtt/start.sh
@@ -0,0 +1,6 @@
+docker-compose up -d
+# Docker adds rules at the beginning of the FORWARD table
+# so we want to reload the firewall to make sure the firewall
+# rule stays on top
+service firewall reload
+
diff --git a/services/mqtt/stop.sh b/services/mqtt/stop.sh
@@ -0,0 +1 @@
+docker-compose down
diff --git a/services/proxy/sites/files b/services/proxy/sites/files
@@ -30,7 +30,7 @@ server {
 
     location /downloads {
       auth_basic           "That's all folks!";
-      auth_basic_user_file /mnt/data/.htpasswd;
+      auth_basic_user_file /mnt/data/.chloehtpasswd;
     }
   }
 

diff --git a/services/proxy/sites/gaston b/services/proxy/sites/gaston
@@ -0,0 +1,37 @@
+server {
+  listen 80;
+  server_name gaston.hmil.fr;
+
+  location / {
+    return 302 https://gaston.hmil.fr;
+  }
+
+  location /.well-known {
+    root /var/www/letsencrypt/gaston;
+  }
+}
+
+server {
+  listen 443 ssl;
+
+  ssl_certificate   /etc/letsencrypt/live/gaston.hmil.fr/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/gaston.hmil.fr/privkey.pem;
+  ssl_protocols   SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers   HIGH:!aNULL:!MD5;
+
+  server_name gaston.hmil.fr;
+
+  client_max_body_size 0; # disable
+
+  location / {
+    proxy_pass http://localhost:${PORT_GASTON}/;
+    proxy_set_header Host ${DOLLAR}host;
+    proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
+
+    access_log /var/log/gaston.access combined;
+  }
+
+  location /.well-known {
+    root /var/www/letsencrypt/gaston;
+  }
+}
diff --git a/services/proxy/sites/gaston-nossl b/services/proxy/sites/gaston-nossl
@@ -0,0 +1,17 @@
+server {
+  listen 80;
+
+  server_name gaston.hmil.fr;
+
+  client_max_body_size 0; # disable
+
+  location / {
+    proxy_pass http://localhost:${PORT_GASTON}/;
+    proxy_set_header Host ${DOLLAR}host;
+    proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
+  }
+
+  location /.well-known {
+    root /var/www/letsencrypt/gaston;
+  }
+}
diff --git a/services/proxy/sites/mqtt-nossl b/services/proxy/sites/mqtt-nossl
@@ -0,0 +1,9 @@
+server {
+  listen 80;
+
+  server_name mqtt.hmil.fr;
+
+  location /.well-known {
+    root /var/www/letsencrypt/mqtt;
+  }
+}
diff --git a/services/vpn/config.sh b/services/vpn/config.sh
@@ -21,6 +21,14 @@ get_client() {
   docker-compose run --rm openvpn ovpn_getclient $1 > $1.ovpn
 }
 
+rm_client() {
+  if [ -z "$1" ]; then
+    echo "Usage: rm_client CLIENT_NAME" 1>&2
+    exit 1
+  fi
+  docker-compose run --rm openvpn ovpn_revokeclient $1
+}
+
 cmd="$1"
 shift
 case $cmd in
@@ -30,6 +38,9 @@ case $cmd in
   "get_client" )
     get_client $@
     ;;
+  "rm_client" )
+    rm_client $@
+    ;;
   *)
     usage
     ;;