diff --git a/hosts/defiant/services/nginx.nix b/hosts/defiant/services/nginx.nix
index ba687f7..c7b18ca 100644
--- a/hosts/defiant/services/nginx.nix
+++ b/hosts/defiant/services/nginx.nix
@@ -40,34 +40,21 @@
 forceSSL = true;
 locations."/".proxyPass = "${upstream}";
- };
- in {
- "jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/";
- "git.feal.no" = publicProxy "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
- "wiki.wackattack.eu" = publicProxy "http://pascal.wackattack.home.feal.no/";
-
- "cloud.feal.no" = {
- listen = [
- { addr = "192.168.10.175"; port = 43443; ssl = true; }
- { addr = "192.168.10.175"; port = 43080; ssl = false; }
- ];
- enableACME = true;
- forceSSL = true;
 extraConfig = ''
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- server_tokens off;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
- # HSTS settings
- # WARNING: Only add the preload option once you read about
- # the consequences in https://hstspreload.org/. This option
- # will add the domain to a hardcoded list that is shipped
- # in all major browsers and getting removed from this list
- # could take several months.
- #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
+ server_tokens off;
 '';
- locations."/".proxyPass = "http://voyager.home.feal.no/";
 };
+ in {
+ "auth.feal.no" = publicProxy "https://voyager.home.feal.no";
+ "cloud.feal.no" = publicProxy "http://voyager.home.feal.no";
+ "git.feal.no" = publicProxy "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
+ "jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/";
+ "wiki.wackattack.eu" = publicProxy "http://pascal.wackattack.home.feal.no/";
 };
 }
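Review bot: The new `"auth.feal.no" = publicProxy "https://voyager.home.feal.no";` entry is the only HTTPS upstream, and nothing in the shared `extraConfig` enables upstream certificate checking; nginx leaves `proxy_ssl_verify` off and sends no SNI by default, so the TLS hop to the auth backend is encrypted but not authenticated. Consider adding `proxy_ssl_server_name on;`, `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path-to-CA-bundle>;` to that `extraConfig` block; they have no effect on the plain-http upstreams. Separately, `cloud.feal.no` loses its dedicated `listen` entries on 192.168.10.175:43443/43080 and now takes whatever listeners `publicProxy` defaults to, which is worth confirming against the intended exposure of that host. The `publicProxy` definition starts above the hunk, so anything already set there is not visible here.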