diff --git a/tuto3.yml b/tuto3.yml
index 1279da2..e236736 100644
--- a/tuto3.yml
+++ b/tuto3.yml
@@ -213,6 +213,21 @@ services:
       - /etc/hosts:/etc/hosts:ro
       - /etc/dresolv.conf:/etc/resolv.conf
       - /etc/services:/etc/services:ro
+  - name: web
+    image: nemunaire/tinydeb:eaa617bf726fb4cadfa22b3947709579e6001212
+    net: /run/netns/web
+    pid: new
+    ipc: new
+    uts: new
+    hostname: vitrine
+    command: ["/sbin/init"]
+    capabilities:
+     - all
+    mounts:
+      - type: cgroup
+        options: ["rw","nosuid","noexec","nodev","relatime"]
+    binds:
+      - /etc/dresolv.conf:/etc/resolv.conf
 
 files:
   - path: etc/hosts
@@ -350,6 +365,17 @@ files:
         ip netns exec ttrss ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#")
       }
 
+      ip netns add web
+      ip link add vethin-web type veth peer name veth-web
+      ip link set vethin-web netns web
+      ip netns exec web ip link set vethin-web up
+      ip netns exec web ip a add 172.23.42.7/24 dev vethin-web
+      ip netns exec web ip route add default via 172.23.42.1
+      grep MyIPv6= /var/lib/adlin/wireguard/adlin.conf > /dev/null && {
+        ip netns exec web ip a add $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:7/96#") dev vethin-web
+        ip netns exec web ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#")
+      }
+
       # Network: bridges
       ip l add brsrv type bridge
       ip link set veth-srv master brsrv
@@ -358,12 +384,14 @@ files:
       ip link set veth-db master brsrv
       ip link set veth-chat master brsrv
       ip link set veth-ttrss master brsrv
+      ip link set veth-web master brsrv
       ip link set veth-srv up
       ip link set veth-ns up
       ip link set veth-nsauth up
       ip link set veth-db up
       ip link set veth-chat up
       ip link set veth-ttrss up
+      ip link set veth-web up
       ip link set brsrv up
 
       ip l add brwks type bridge
@@ -390,6 +418,8 @@ files:
       sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/matrix/rootfs/etc/shadow
       cp /etc/services /containers/services/matrix/rootfs/etc/services
       sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/ns-auth/rootfs/etc/shadow
+      cp /etc/services /containers/services/web/rootfs/etc/services
+      sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/web/rootfs/etc/shadow
       exit 0
     mode: "0555"
 
@@ -471,6 +501,7 @@ files:
               local-zone: "adlin.p0m.fr" typetransparent
               local-data: "news.adlin.p0m.fr A 172.23.42.1"
               local-data: "matrix.adlin.p0m.fr A 172.23.42.1"
+              local-data: "www.adlin.p0m.fr A 172.23.42.1"
       remote-control:
              control-enable: no
       forward-zone: