diff --git a/hosts/by-name/servo/services/nginx.nix b/hosts/by-name/servo/services/nginx.nix
index 11cee4c7..c9c6ead7 100644
--- a/hosts/by-name/servo/services/nginx.nix
+++ b/hosts/by-name/servo/services/nginx.nix
@@ -19,12 +19,14 @@ in
     visibleTo.lan = true;
     visibleTo.wan = true;
     visibleTo.ovpns = true;  # so that letsencrypt can procure a cert for the mx record
+    visibleTo.doof = true;
     description = "colin-http-uninsane.org";
   };
   sane.ports.ports."443" = {
     protocol = [ "tcp" ];
     visibleTo.lan = true;
     visibleTo.wan = true;
+    visibleTo.doof = true;
     description = "colin-https-uninsane.org";
   };
 
diff --git a/scripts/check-uninsane b/scripts/check-uninsane
index 552475dc..6fd83884 100755
--- a/scripts/check-uninsane
+++ b/scripts/check-uninsane
@@ -5,6 +5,9 @@ echo "this script will check that uninsane.org is baseline operational"
 echo "it doesn't check all services, just the most critical ones"
 echo ""
 
+OVPNS_IPV4=185.157.162.178
+DOOF_IPV4=205.201.63.12
+
 last_error=0
 check() {
   local label=$1
@@ -37,9 +40,14 @@ check "https://uninsane.org online" curl --silent --fail-with-body https://unins
 check "https://matrix.uninsane.org online" curl --silent --fail-with-body https://matrix.uninsane.org
 check "https://fed.uninsane.org online" curl --silent --fail-with-body https://fed.uninsane.org
 
-# port 80 is accessible also from OVPN:
+# port 80 is accessible also from my VPNs
 check "http://uninsane.org online" curl --silent --fail-with-body http://uninsane.org
-check "http://uninsane.org online" curl "--connect-to" "uninsane.org:443:185.157.162.178:443" --silent --fail-with-body http://uninsane.org
+check "http://uninsane.org online" curl "--connect-to" "uninsane.org:80:$OVPNS_IPV4:80" --silent --fail-with-body http://uninsane.org
+check "http://uninsane.org online" curl "--connect-to" "uninsane.org:80:$DOOF_IPV4:80" --silent --fail-with-body http://uninsane.org
+
+# port 443 is accessible over doofnet
+check "https://uninsane.org online" curl "--connect-to" "uninsane.org:443:$DOOF_IPV4:443" --silent --fail-with-body https://uninsane.org
+check "https://matrix.uninsane.org online" curl "--connect-to" "matrix.uninsane.org:443:$DOOF_IPV4:443" --silent --fail-with-body https://matrix.uninsane.org
 
 check "uninsane.org DMARC record" nslookup -querytype=TXT _dmarc.uninsane.org.