diff --git a/install/config/docker-compose.yml b/install/config/docker-compose.yml
index 97b30317..c06e55ca 100644
--- a/install/config/docker-compose.yml
+++ b/install/config/docker-compose.yml
@@ -6,8 +6,8 @@ services:
     restart: unless-stopped
     volumes:
       - ./config:/app/config
-      - pangolin-data:/var/certificates
-      - pangolin-data:/var/dynamic
+      - pangolin-data-certificates:/var/certificates
+      - pangolin-data-dynamic:/var/dynamic
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
       interval: "10s"
@@ -57,8 +57,8 @@ services:
       - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
       - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
       # Shared volume for certificates and dynamic config in file mode 
-      - pangolin-data:/var/certificates:ro
-      - pangolin-data:/var/dynamic:ro
+      - pangolin-data-certificates:/var/certificates:ro
+      - pangolin-data-dynamic:/var/dynamic:ro
 
 networks:
   default:
@@ -67,4 +67,5 @@ networks:
 {{if .EnableIPv6}}    enable_ipv6: true{{end}}
 
 volumes:
-  pangolin-data:
+  pangolin-data-dynamic:
+  pangolin-data-certificates:
diff --git a/server/private/routers/hybrid.ts b/server/private/routers/hybrid.ts
index 0c1c543c..2342d7fd 100644
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -269,8 +269,39 @@ hybridRouter.get(
             const traefikConfig = await getTraefikConfig(
                 remoteExitNode.exitNodeId,
                 ["newt", "local", "wireguard"], // Allow them to use all the site types
-                true // But don't allow domain namespace resources
+                true, // But don't allow domain namespace resources
+                false // Dont include login pages
             );
+
+            const badgerMiddlewareName = "badger";
+            if (traefikConfig?.http?.middlewares) {
+                traefikConfig.http.middlewares[badgerMiddlewareName] = {
+                    plugin: {
+                        [badgerMiddlewareName]: {
+                            apiBaseUrl: new URL(
+                                "/api/v1",
+                                `http://${
+                                    config.getRawConfig().server
+                                        .internal_hostname
+                                }:${config.getRawConfig().server.internal_port}`
+                            ).href,
+                            userSessionCookieName:
+                                config.getRawConfig().server
+                                    .session_cookie_name,
+
+                            // deprecated
+                            accessTokenQueryParam:
+                                config.getRawConfig().server
+                                    .resource_access_token_param,
+
+                            resourceSessionRequestParam:
+                                config.getRawConfig().server
+                                    .resource_session_request_param
+                        }
+                    }
+                };
+            }
+
             return response(res, {
                 data: traefikConfig,
                 success: true,