diff --git a/env.sh b/env.sh
index cbf186f..5b8e0ba 100644
--- a/env.sh
+++ b/env.sh
@@ -127,6 +127,7 @@ all_vpn_allowlist+=("fc00:5555:b994:a83e:ea79:eabc:61a5:8af8")
 all_vpn_allowlist+=("fc68:4444:9c8d:7936:4e9d:1470:b2cc:677f")
 # victorbjelkholm
 all_vpn_allowlist+=("fc7e:76f4:cfae:c1f3:e754:6b1d:bcd6:6281")
+all_vpn_allowlist+=("fcb3:8fe2:6b83:8687:9fa8:61ed:e41c:8c95")
 # teamcity
 all_vpn_allowlist+=("fcbf:94cf:55d3:da57:a159:86cc:3b5d:70e9")
 # jbenet
diff --git a/ipfs/env.sh b/ipfs/env.sh
index cb9ac5f..6639de2 100644
--- a/ipfs/env.sh
+++ b/ipfs/env.sh
@@ -11,8 +11,9 @@ auva_ipfs_ref=4cd46781a72433e8286fc507d3b76d42e8eaad23
 
 all_ipfs_daemon_opts="--enable-gc --enable-pubsub-experiment"
 
-# pages.ipfs.team
-pages_ipfs_ref=5146b34a150cd077963d81759636604fb7b80a33
+# dagreader experiment (@whyrusleeping)
+scrappy_ipfs_ref=87f77b445479785afca175a925a836c7f982e8e0
+chappy_ipfs_ref=87f77b445479785afca175a925a836c7f982e8e0
 
 # Network ports. See config.tpl for how they are bound.
 # Also see build.sh for the Docker networking options used.
diff --git a/ipfs/pages/build.sh b/ipfs/pages/build.sh
index 01b3ade..5334e2a 100755
--- a/ipfs/pages/build.sh
+++ b/ipfs/pages/build.sh
@@ -95,6 +95,16 @@ printf %s\\n "$(lookup pages_wwwsaftprojectcom_ssl_key)" > out/www.saftproject.c
 printf %s\\n "$(lookup pages_wwwsaftprojectcom_ssl_trustchain)" > out/www.saftproject.com.trustchain.crt
 printf %s\\n "$(lookup pages_wwwsaftprojectcom_ssl_dhparam)" > out/www.saftproject.com.dhparam.pem
 
+printf %s\\n "$(lookup pages_saft_projectcom_ssl_cert)" > out/saft-project.com.crt
+printf %s\\n "$(lookup pages_saft_projectcom_ssl_key)" > out/saft-project.com.key
+printf %s\\n "$(lookup pages_saft_projectcom_ssl_trustchain)" > out/saft-project.com.trustchain.crt
+printf %s\\n "$(lookup pages_saft_projectcom_ssl_dhparam)" > out/saft-project.com.dhparam.pem
+
+printf %s\\n "$(lookup pages_wwwsaft_projectcom_ssl_cert)" > out/www.saft-project.com.crt
+printf %s\\n "$(lookup pages_wwwsaft_projectcom_ssl_key)" > out/www.saft-project.com.key
+printf %s\\n "$(lookup pages_wwwsaft_projectcom_ssl_trustchain)" > out/www.saft-project.com.trustchain.crt
+printf %s\\n "$(lookup pages_wwwsaft_projectcom_ssl_dhparam)" > out/www.saft-project.com.dhparam.pem
+
 printf %s\\n "$(lookup pages_saft_projectorg_ssl_cert)" > out/saft-project.org.crt
 printf %s\\n "$(lookup pages_saft_projectorg_ssl_key)" > out/saft-project.org.key
 printf %s\\n "$(lookup pages_saft_projectorg_ssl_trustchain)" > out/saft-project.org.trustchain.crt
diff --git a/ipfs/pages/install.sh b/ipfs/pages/install.sh
index 5b5940c..cfb6d70 100755
--- a/ipfs/pages/install.sh
+++ b/ipfs/pages/install.sh
@@ -392,6 +392,46 @@ if [ ! -z "$(diff -Naur "$cert_dest/www.saftproject.com.dhparam.pem" "out/www.sa
   reload=1
 fi
 
+if [ ! -z "$(diff -Naur "$cert_dest/saft-project.com.crt" "out/saft-project.com.crt")" ]; then
+  echo "ipfs/pages saft-project.com ssl cert changed"
+  reload=1
+fi
+
+if [ ! -z "$(diff -Naur "$cert_dest/saft-project.com.key" "out/saft-project.com.key")" ]; then
+  echo "ipfs/pages saft-project.com ssl key changed"
+  reload=1
+fi
+
+if [ ! -z "$(diff -Naur "$cert_dest/saft-project.com.trustchain.crt" "out/saft-project.com.trustchain.crt")" ]; then
+  echo "ipfs/pages saft-project.com ssl trustchain changed"
+  reload=1
+fi
+
+if [ ! -z "$(diff -Naur "$cert_dest/saft-project.com.dhparam.pem" "out/saft-project.com.dhparam.pem")" ]; then
+  echo "ipfs/pages saft-project.com ssl dhparam changed"
+  reload=1
+fi
+
+if [ ! -z "$(diff -Naur "$cert_dest/www.saft-project.com.crt" "out/www.saft-project.com.crt")" ]; then
+  echo "ipfs/pages www.saft-project.com ssl cert changed"
+  reload=1
+fi
+
+if [ ! -z "$(diff -Naur "$cert_dest/www.saft-project.com.key" "out/www.saft-project.com.key")" ]; then
+  echo "ipfs/pages www.saft-project.com ssl key changed"
+  reload=1
+fi
+
+if [ ! -z "$(diff -Naur "$cert_dest/www.saft-project.com.trustchain.crt" "out/www.saft-project.com.trustchain.crt")" ]; then
+  echo "ipfs/pages www.saft-project.com ssl trustchain changed"
+  reload=1
+fi
+
+if [ ! -z "$(diff -Naur "$cert_dest/www.saft-project.com.dhparam.pem" "out/www.saft-project.com.dhparam.pem")" ]; then
+  echo "ipfs/pages www.saft-project.com ssl dhparam changed"
+  reload=1
+fi
+
 if [ ! -z "$(diff -Naur "$cert_dest/saft-project.org.crt" "out/saft-project.org.crt")" ]; then
   echo "ipfs/pages saft-project.org ssl cert changed"
   reload=1
@@ -548,6 +588,14 @@ if [ "reload$reload" == "reload1" ]; then
   cp "out/www.saftproject.com.key" "$cert_dest/www.saftproject.com.key"
   cp "out/www.saftproject.com.trustchain.crt" "$cert_dest/www.saftproject.com.trustchain.crt"
   cp "out/www.saftproject.com.dhparam.pem" "$cert_dest/www.saftproject.com.dhparam.pem"
+  cp "out/saft-project.com.crt" "$cert_dest/saft-project.com.crt"
+  cp "out/saft-project.com.key" "$cert_dest/saft-project.com.key"
+  cp "out/saft-project.com.trustchain.crt" "$cert_dest/saft-project.com.trustchain.crt"
+  cp "out/saft-project.com.dhparam.pem" "$cert_dest/saft-project.com.dhparam.pem"
+  cp "out/www.saft-project.com.crt" "$cert_dest/www.saft-project.com.crt"
+  cp "out/www.saft-project.com.key" "$cert_dest/www.saft-project.com.key"
+  cp "out/www.saft-project.com.trustchain.crt" "$cert_dest/www.saft-project.com.trustchain.crt"
+  cp "out/www.saft-project.com.dhparam.pem" "$cert_dest/www.saft-project.com.dhparam.pem"
   cp "out/saft-project.org.crt" "$cert_dest/saft-project.org.crt"
   cp "out/saft-project.org.key" "$cert_dest/saft-project.org.key"
   cp "out/saft-project.org.trustchain.crt" "$cert_dest/saft-project.org.trustchain.crt"
diff --git a/ipfs/pages/nginx.conf.tpl b/ipfs/pages/nginx.conf.tpl
index 841f383..f41994d 100644
--- a/ipfs/pages/nginx.conf.tpl
+++ b/ipfs/pages/nginx.conf.tpl
@@ -1,5 +1,5 @@
 server {
-    server_name *.i.ipfs.io filecoin.io orbit.chat ipld.io libp2p.io multiformats.io zcash.dag.ipfs.io wikipedia-on-ipfs.org en.wikipedia-on-ipfs.org tr.wikipedia-on-ipfs.org simple.wikipedia-on-ipfs.org ar.wikipedia-on-ipfs.org ku.wikipedia-on-ipfs.org datatogether.org saftproject.com www.saftproject.com saft-project.org www.saft-project.org peerpad.net flipchart.peerpad.net;
+    server_name *.i.ipfs.io filecoin.io orbit.chat ipld.io libp2p.io multiformats.io zcash.dag.ipfs.io wikipedia-on-ipfs.org en.wikipedia-on-ipfs.org tr.wikipedia-on-ipfs.org simple.wikipedia-on-ipfs.org ar.wikipedia-on-ipfs.org ku.wikipedia-on-ipfs.org datatogether.org saftproject.com www.saftproject.com saft-project.com www.saft-project.com saft-project.org www.saft-project.org peerpad.net flipchart.peerpad.net;
     access_log /var/log/nginx/access.log mtail;
 
     listen 80;
@@ -445,6 +445,42 @@ server {
     return 301 https://saftproject.com\$request_uri;
 }
 
+server {
+    server_name saft-project.com;
+    access_log /var/log/nginx/access.log mtail;
+
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    ssl_certificate /etc/nginx/certs/saft-project.com.crt;
+    ssl_certificate_key /etc/nginx/certs/saft-project.com.key;
+    ssl_dhparam /etc/nginx/certs/saft-project.com.dhparam.pem;
+    ssl_trusted_certificate /etc/nginx/certs/saft-project.com.trustchain.crt;
+
+    # HSTS (ngx_http_headers_module is required)
+    # 31536000 seconds = 12 months, as advised by hstspreload.org
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+    return 301 https://saftproject.com\$request_uri;
+}
+
+server {
+    server_name www.saft-project.com;
+    access_log /var/log/nginx/access.log mtail;
+
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    ssl_certificate /etc/nginx/certs/www.saft-project.com.crt;
+    ssl_certificate_key /etc/nginx/certs/www.saft-project.com.key;
+    ssl_dhparam /etc/nginx/certs/www.saft-project.com.dhparam.pem;
+    ssl_trusted_certificate /etc/nginx/certs/www.saft-project.com.trustchain.crt;
+
+    # HSTS (ngx_http_headers_module is required)
+    # 31536000 seconds = 12 months, as advised by hstspreload.org
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+    return 301 https://saftproject.com\$request_uri;
+}
+
 server {
     server_name saft-project.org;
     access_log /var/log/nginx/access.log mtail;
diff --git a/metrics/node_exporter/env.sh b/metrics/node_exporter/env.sh
index 00a197e..901140f 100644
--- a/metrics/node_exporter/env.sh
+++ b/metrics/node_exporter/env.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 
-all_node_exporter_ref=840ba5dcc71a084a3bc63cb6063003c1f94435a6
+all_node_exporter_ref=98bc64930d34878b84a0f87dfe6e1a6da61e532d
diff --git a/metrics/node_exporter/install.sh b/metrics/node_exporter/install.sh
index 98fa43d..7e76843 100755
--- a/metrics/node_exporter/install.sh
+++ b/metrics/node_exporter/install.sh
@@ -55,7 +55,7 @@ if [ "rebuild$rebuild" == "rebuild1" ]; then
   git remote set-url origin https://github.com/prometheus/node_exporter
   git remote prune origin >/dev/null
   git gc
-  git fetch -q --all
+  git fetch -q --all --tags
   git reset -q --hard "$ref"
   make build >/dev/null
   mv ./node_exporter /usr/bin/node_exporter
diff --git a/metrics/node_exporter/systemd.service b/metrics/node_exporter/systemd.service
index 3cd9071..9a1eeae 100644
--- a/metrics/node_exporter/systemd.service
+++ b/metrics/node_exporter/systemd.service
@@ -7,5 +7,5 @@ After=network.target
 ProtectHome=read-only
 ProtectSystem=true
 SyslogIdentifier=node_exporter
-ExecStart=/usr/bin/node_exporter --web.listen-address="127.0.0.1:9100" -collectors.enabled=filesystem,netdev
+ExecStart=/usr/bin/node_exporter --web.listen-address="127.0.0.1:9100" --collector.filesystem --collector.netdev --collector.cpu --collector.diskstats --collector.mdadm --collector.loadavg --collector.time --collector.uname --collector.logind
 Restart=always
diff --git a/metrics/node_exporter/upstart.conf b/metrics/node_exporter/upstart.conf
index 34992fe..f06c03b 100644
--- a/metrics/node_exporter/upstart.conf
+++ b/metrics/node_exporter/upstart.conf
@@ -6,4 +6,4 @@ stop on starting rc RUNLEVEL=[016]
 respawn
 respawn limit unlimited
 
-exec /usr/bin/node_exporter --web.listen-address="127.0.0.1:9100" -collectors.enabled=filesystem,netdev
+exec /usr/bin/node_exporter --web.listen-address="127.0.0.1:9100" --collector.filesystem --collector.netdev --collector.cpu --collector.diskstats --collector.mdadm --collector.loadavg --collector.time --collector.uname --collector.logind
diff --git a/secrets_secure b/secrets_secure
index 397c938..d1f704f 160000
--- a/secrets_secure
+++ b/secrets_secure
@@ -1 +1 @@
-Subproject commit 397c938c9ec9d81551f212ffe0d776b02e62aa32
+Subproject commit d1f704f68b687be5a1df7c78d2bb6ae381adc7bd