diff --git a/seerr/rootfs/etc/nginx/servers/ingress.conf b/seerr/rootfs/etc/nginx/servers/ingress.conf
index 209384568..91ebeb182 100644
--- a/seerr/rootfs/etc/nginx/servers/ingress.conf
+++ b/seerr/rootfs/etc/nginx/servers/ingress.conf
@@ -7,37 +7,43 @@ server {
     gzip_static off;
     client_max_body_size 0;
 
-    # Based on https://github.com/seerr-team/seerr/blob/develop/docs/extending-seerr/reverse-proxy.mdx
     location ^~ / {
         set $app '%%ingress_entry%%';
 
-        # HA Supervisor strips the ingress entry prefix, so no rewrite is needed.
-        # Avoiding rewrite ensures proxy_pass uses the raw $request_uri,
-        # which preserves URL encoding (e.g. spaces as + in query strings).
-        proxy_pass http://127.0.0.1:5055;
+        # Forward the raw request URI exactly as received by this nginx.
+        # This is the safest way to preserve query-string encoding.
+        proxy_pass http://127.0.0.1:5055$request_uri;
 
         proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $connection_upgrade;
-
-        proxy_hide_header X-Powered-By;
+        proxy_set_header Referer $http_referer;
+        proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Real-Port $remote_port;
+        proxy_set_header X-Forwarded-Host $host:$remote_port;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-Port $remote_port;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
         proxy_set_header Accept-Encoding "";
+
+        proxy_hide_header X-Powered-By;
         proxy_read_timeout 90;
         add_header X-Frame-Options "SAMEORIGIN";
-        add_header 'Referrer-Policy' 'no-referrer';
+        add_header Referrer-Policy "no-referrer";
 
-        # Redirect location headers
         absolute_redirect off;
         proxy_redirect ^ $app;
         proxy_redirect /setup $app/setup;
         proxy_redirect /login $app/login;
 
-        # Sub filters to replace hardcoded paths
         sub_filter_once off;
-        sub_filter_types *;
+
+        # Do not rewrite every response type blindly.
+        sub_filter_types text/html application/javascript text/javascript application/json;
+
         sub_filter 'href="/"' 'href="$app"';
         sub_filter 'href="/login"' 'href="$app/login"';
         sub_filter 'href:"/"' 'href:"$app"';