diff --git a/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf b/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf
index 34e0578de..7907b4006 100644
--- a/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf
+++ b/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf
@@ -3,17 +3,18 @@ server {
     include /etc/nginx/includes/server_params.conf;
     include /etc/nginx/includes/proxy_params.conf;
     client_max_body_size 0;
+    proxy_buffering off;
+    proxy_read_timeout 30;
 
     location / {
        proxy_pass http://127.0.0.1:8080;
-       proxy_buffering off;
-       proxy_read_timeout 30;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Upgrade $http_upgrade;
-       proxy_set_header Host $http_host;                   # try $host instead if this doesn't work
-       proxy_set_header X-Forwarded-Proto $scheme;         # http or https
+       proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       proxy_set_header X-Forwarded-Host $server_name;
+       proxy_set_header X-Forwarded-Proto $scheme;
         
        # Allow ingress subpath
        proxy_set_header X-Script-Name %%ingress_entry%%;
@@ -29,8 +30,7 @@ server {
        #sub_filter "/edit/" "%%ingress_entry%%/edit/";
 
        # Allow frames
-       proxy_hide_header "Content-Security-Policy";
-       add_header X-Frame-Options SAMEORIGIN;
+       proxy_hide_header X-Frame-Options;
        add_header Access-Control-Allow-Origin *;
        proxy_set_header Accept-Encoding "";
     }