diff --git a/photoprism/rootfs/etc/nginx/servers/ingress.conf b/photoprism/rootfs/etc/nginx/servers/ingress.conf
index 2259ea571..685ef1ea8 100644
--- a/photoprism/rootfs/etc/nginx/servers/ingress.conf
+++ b/photoprism/rootfs/etc/nginx/servers/ingress.conf
@@ -13,14 +13,19 @@ server {
 
        # Proxy
        proxy_pass http://127.0.0.1:2341;
-       proxy_buffering off;
+
        proxy_read_timeout 300;
+       proxy_redirect           off;
+       proxy_buffering off;                                                    # Do not hold back the request while the client sends data, give the stream directly to PP
+       proxy_set_header         X-Real-IP $remote_addr;                        # Let PP know the clients real IP
+       proxy_set_header         X-Forwarded-For $proxy_add_x_forwarded_for;    # Let PP know that a proxy did forward this request
+       proxy_set_header         Host $http_host;                               # Set Proxy host info
 
        # Websockets
-       proxy_http_version 1.1;
-       proxy_set_header Connection "Upgrade";
-       proxy_set_header Upgrade $http_upgrade;
-       proxy_set_header Host $host;
+       proxy_http_version 1.1;                                                 # Required for WebSocket connection
+       proxy_set_header Upgrade $http_upgrade;                                 # Allow protocol switch to websocket
+       proxy_set_header Connection "Upgrade";                                  # Do protocol switch
+       proxy_set_header X-Forwarded-Proto $scheme;                             # Let PP know that this connection used HTTP or HTTPS
 
        # Rewrite url
        sub_filter_once off;
@@ -31,7 +36,6 @@ server {
        sub_filter "/api/v1%%ingress_entry%%" "%%ingress_entry%%/api/v1";
 
        # Allow frames
-       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_hide_header "Content-Security-Policy";
        add_header X-Frame-Options SAMEORIGIN;
        add_header Access-Control-Allow-Origin *;