diff --git a/roles/podman_link/templates/home/nginx.conf b/roles/podman_link/templates/home/nginx.conf
index 594d187..4f32515 100644
--- a/roles/podman_link/templates/home/nginx.conf
+++ b/roles/podman_link/templates/home/nginx.conf
@@ -1,48 +1,28 @@
+# {{ ansible_managed }}
+
 resolver 10.89.0.1 ipv6=off valid=10s;
 
-# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
-# scheme used to connect to this server
-map $http_x_forwarded_proto $proxy_x_forwarded_proto {
-  default $http_x_forwarded_proto;
-  ''      $scheme;
-}
-# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
-# server port the client connected to
-map $http_x_forwarded_port $proxy_x_forwarded_port {
-  default $http_x_forwarded_port;
-  ''      $server_port;
-}
 # If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
 # Connection header that may have been passed to this server
 map $http_upgrade $proxy_connection {
   default upgrade;
   '' close;
 }
+
 # Apply fix for very long server names
 server_names_hash_bucket_size 128;
-# Default dhparam
-# Set appropriate X-Forwarded-Ssl header
-map $scheme $proxy_x_forwarded_ssl {
-  default off;
-  https on;
-}
+
 gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-log_format vhost '$host $remote_addr - $remote_user [$time_local] '
-                 '"$request" $status $body_bytes_sent '
-                 '"$http_referer" "$http_user_agent"';
-access_log off;
+
 # HTTP 1.1 support
 proxy_http_version 1.1;
+
 proxy_buffering off;
 proxy_set_header Host $http_host;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $proxy_connection;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
-proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
-proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
-# Mitigate httpoxy attack (see README for details)
+
+# Mitigate httpoxy attack
 proxy_set_header Proxy "";
 
 server {
@@ -66,13 +46,6 @@ upstream zammad {
 	server zammad-nginx:8080 resolve;
 }
 
-server {
-	server_name {{ podman_link_web_hostname }};
-	listen 80 ;
-	access_log /var/log/nginx/access.log vhost;
-	return 301 https://$host$request_uri;
-}
-
 server {
 	server_name {{ podman_link_web_hostname }};
     listen 443 ssl;
@@ -83,12 +56,16 @@ server {
     ssl_certificate /etc/letsencrypt/live/{{ podman_link_web_hostname }}/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/{{ podman_link_web_hostname }}/privkey.pem;
 
-
 	add_header Strict-Transport-Security "max-age=31536000" always;
-	add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the Matomo instance
+	add_header Referrer-Policy origin always;  # make sure outgoing links don't show the URL to the Matomo instance
     add_header X-Content-Type-Options "nosniff" always;
     add_header X-XSS-Protection "1; mode=block" always;
+
 	location / {
 		proxy_pass http://zammad;
+		proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port 443;
 	}
-}
\ No newline at end of file
+}