diff --git a/conf/AdGuardHome.yaml b/conf/AdGuardHome.yaml
index 9e1fdd9..c3b25af 100644
--- a/conf/AdGuardHome.yaml
+++ b/conf/AdGuardHome.yaml
@@ -80,7 +80,7 @@ tls:
   port_dns_over_quic: 784
   port_dnscrypt: 0
   dnscrypt_config_file: ""
-  allow_unencrypted_doh: false
+  allow_unencrypted_doh: true
   strict_sni_check: false
   certificate_chain: ""
   private_key: ""
diff --git a/conf/nginx.conf b/conf/nginx.conf
index c4d82af..3a3bff2 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -17,8 +17,13 @@ location __PATH__/ {
   include conf.d/yunohost_panel.conf.inc;
 }
 
-#location ~ .*.(gif|jpg|jpeg|png|bmp|swf|css|js)$ {
-#        proxy_pass http://127.0.0.1:__PORT__;
-#        proxy_set_header Host  $host;
-#        proxy_set_header X-Forwarded-For $remote_addr;
-#    }
+location /dns-query {
+  proxy_set_header Host $http_host;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_redirect off;
+  proxy_buffering on;
+  proxy_http_version 1.1;
+  proxy_read_timeout     6s;
+  proxy_connect_timeout  6s;
+  proxy_pass        http://127.0.0.1:__PORT__/dns-query;
+}
diff --git a/scripts/install b/scripts/install
index eeb5b06..cca67f4 100644
--- a/scripts/install
+++ b/scripts/install
@@ -185,6 +185,13 @@ ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 
 yunohost service add $app --description="Ads & trackers blocking DNS server"
 
+#=================================================
+# SETUP SSOWAT
+#=================================================
+ynh_script_progression --message="Configuring permissions..."
+
+ynh_permission_create --permission="api" --label="api" --url="re:$domain/dns-query" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
+
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 3d1aeb6..41c6430 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -37,6 +37,11 @@ if [ "$adguard_port" -ne "53" ]; then
   ynh_app_setting_set --app=$app --key=adguard_port --value=$adguard_port
 fi
 
+# Create a permission if needed
+if ! ynh_permission_exists --permission="api"; then
+    ynh_permission_create --permission="api" --label="api" --url="re:$domain/dns-query" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================