diff --git a/conf/nginx.conf b/conf/nginx.conf
index fb4cd15..8b9e4ea 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,48 +1,41 @@
-#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
-location __PATH__/ {
+client_max_body_size 10m;
 
-  proxy_pass http://127.0.0.1:__PORT__;
+location / {
+  try_files $uri @proxy;
+
+  # Include SSOWAT user panel.
+  include conf.d/yunohost_panel.conf.inc;
+}
+
+location @proxy {
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto https;
-  proxy_http_version 1.1;
+  proxy_set_header Proxy "";
+  proxy_pass_header Server;
+
+  proxy_pass http://127.0.0.1:__PORT__;
+  proxy_buffering on;
   proxy_redirect off;
-
-  # For WebSocket
+  proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection $connection_upgrade;
+  proxy_set_header Connection "upgrade";
 
-  # Cache settings
-  #proxy_cache cache1;
-  proxy_cache_lock on;
-  proxy_cache_use_stale updating;
-  more_set_headers "X-Cache: $upstream_cache_status";
-  # Change to upload limit
-  client_max_body_size 80m;
-  # Include SSOWAT user panel.
-  include conf.d/yunohost_panel.conf.inc;
-
-
-    # rate limit the login or password reset pages
-    location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
-        limit_req zone=loginlimit;
-        proxy_pass http://127.0.0.1:__PORT__;
-    }
-
-    location /api/updates/ {
-        access_log off;
-        proxy_pass http://127.0.0.1:__PORT__;
-    }
-
-    # directly serve images and static files from the
-    # bookwyrm filesystem using sendfile.
-    # make the logs quieter by not reporting these requests
-    location ~ ^/(images|static)/ {
-        root /app;
-        try_files $uri =404;
-        more_set_headers "X-Cache-Status: STATIC";
-        access_log off;
-    }
+  #proxy_cache CACHE;
+  proxy_cache_valid 200 7d;
+  proxy_cache_valid 410 24h;
+  proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+  more_set_headers "X-Cached: $upstream_cache_status";
+  more_set_headers "Strict-Transport-Security: max-age=31536000";
 
+  tcp_nodelay on;
+}
+
+location /images/ {
+  alias __FINALPATH__/images/;
+}
+
+location /static/ {
+  alias __FINALPATH__/static/;
 }