diff --git a/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf b/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf
index 8e15351fd..34de861f4 100644
--- a/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf
+++ b/tandoor_recipes/rootfs/etc/nginx/servers/ingress.conf
@@ -5,34 +5,64 @@ server { client_max_body_size 0; location / { - proxy_pass http://127.0.0.1:8080; - proxy_buffering off; - proxy_read_timeout 30; - proxy_set_header Connection "Upgrade"; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Host $http_host; # try $host instead if this doesn't work - proxy_set_header X-Forwarded-Proto $scheme; # http or https - - # Allow ingress subpath - proxy_set_header X-Script-Name %%ingress_entry%%; - proxy_cookie_path / %%ingress_entry%%; + # Security + ###################### + allow 172.30.32.2; + deny all; + + # Base + ###################### + #proxy_bind $server_addr; + proxy_pass http://127.0.0.1:8080; + proxy_set_header Connection "Upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + proxy_read_timeout 30; - # Rewrite url - sub_filter_once off; - sub_filter_types *; - sub_filter "/static" "%%ingress_entry%%/static"; - sub_filter "/media" "%%ingress_entry%%/media"; - sub_filter "/view" "%%ingress_entry%%/view"; - sub_filter "/search" "%%ingress_entry%%/search"; - sub_filter "/edit" "%%ingress_entry%%/edit"; - sub_filter "/api" "%%ingress_entry%%/api"; - sub_filter "%%ingress_entry%%/api/hassio" "/api/hassio"; + # Avoid mixed contents + ###################### + if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$") + { + set $x_scheme $1; + set $x_host $2; + set $x_port ":$3"; + } + if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$") + { + set $x_scheme $1; + set $x_host $2; + set $x_port ""; + } + proxy_set_header X-Scheme $x_scheme; + proxy_redirect http://$host/ $x_scheme://$x_host$x_port/; + proxy_redirect $x_scheme://$host/ $x_scheme://$x_host$x_port/; - # Allow frames - proxy_hide_header "Content-Security-Policy"; - add_header X-Frame-Options SAMEORIGIN; - add_header Access-Control-Allow-Origin *; - proxy_set_header Accept-Encoding ""; + # Allow subpath + ###################### + proxy_set_header 
X-Script-Name %%ingress_entry%%; + proxy_cookie_path / %%ingress_entry%%; + + # Allow iframe + ###################### + proxy_hide_header "Content-Security-Policy"; + proxy_hide_header X-Frame-Options; + add_header Access-Control-Allow-Origin *; + proxy_set_header Accept-Encoding ""; + + # Rewrite url + ###################### + sub_filter_once off; + sub_filter_types *; + sub_filter "/static" "%%ingress_entry%%/static"; + sub_filter "/media" "%%ingress_entry%%/media"; + sub_filter "/view" "%%ingress_entry%%/view"; + sub_filter "/search" "%%ingress_entry%%/search"; + #sub_filter "/edit" "%%ingress_entry%%/edit"; + #sub_filter "/api" "%%ingress_entry%%/api"; + #sub_filter "%%ingress_entry%%/api/hassio" "/api/hassio"; + } }
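Review bot: In the "Avoid mixed contents" block, `$x_scheme`, `$x_host` and `$x_port` are parsed out of `$http_referer`, a client-supplied request header, and then used as the replacement in both `proxy_redirect` lines, so the host that backend redirects are rewritten to follows whatever Referer the browser sends; the `allow 172.30.32.2; deny all;` above restricts the connecting peer, not the content of this header. The patterns also let `([^:]+)` run across slashes, so in the port-less case `$x_host` can swallow part of the path; using `[^:/]+` in both patterns (for example `"^(https?)://([^:/]+)(/.*)$"`) keeps the capture to the host. When no Referer is sent or neither pattern matches, the three variables are empty and the rewritten Location would begin with `:///`, so a default such as `set $x_scheme $scheme; set $x_host $http_host; set $x_port "";` ahead of the two `if` blocks looks needed. Separately, `proxy_hide_header X-Frame-Options;` together with the hidden Content-Security-Policy leaves responses with no framing restriction where the old code sent `SAMEORIGIN`; a comment stating that this relies on the ingress-only `allow` rule would help the next reader.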