diff --git a/infrastructure/ingress/nomad.hcl b/infrastructure/ingress/nomad.hcl
index 0348f41..8714ada 100644
--- a/infrastructure/ingress/nomad.hcl
+++ b/infrastructure/ingress/nomad.hcl
@@ -450,7 +450,30 @@ server {
 
   client_max_body_size 100M;
 
-  location /jellyfin {
+  location /jellyfin/ {
+     # Proxy main Jellyfin traffic
+
+     # The / at the end is significant.
+     # https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
+
+     proxy_pass http://jellyfin/jellyfin/;
+
+     proxy_pass_request_headers on;
+
+     proxy_set_header Host $host;
+
+     proxy_set_header X-Real-IP $remote_addr;
+     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+     proxy_set_header X-Forwarded-Proto $scheme;
+     proxy_set_header X-Forwarded-Host $http_host;
+
+     proxy_set_header Upgrade $http_upgrade;
+     proxy_set_header Connection $http_connection;
+
+     # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+     proxy_buffering off;
+  }
+
   location /syncthing/ {
     include /local/headers.conf;
 
@@ -479,16 +502,16 @@ server {
     proxy_pass http://home-assistant;
   }
 
-  location /zigbee2mqtt {
+  location /zigbee2mqtt/ {
     include /local/headers.conf;
 
-    rewrite /zigbee2mqtt/(.*) /$1 break;
+#    rewrite /zigbee2mqtt/(.*) /$1 break;
 
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
 
-    proxy_pass http://zigbee2mqtt;
+    proxy_pass http://zigbee2mqtt/;
   }
 }
 
@@ -501,9 +524,28 @@ server {
 
   client_max_body_size 100M;
 
-  location /jellyfin {
-    include /local/headers.conf;
-    proxy_pass http://jellyfin;
+  location /jellyfin/ {
+     # Proxy main Jellyfin traffic
+
+     # The / at the end is significant.
+     # https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
+
+     proxy_pass http://jellyfin/jellyfin/;
+
+     proxy_pass_request_headers on;
+
+     proxy_set_header Host $host;
+
+     proxy_set_header X-Real-IP $remote_addr;
+     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+     proxy_set_header X-Forwarded-Proto $scheme;
+     proxy_set_header X-Forwarded-Host $http_host;
+
+     proxy_set_header Upgrade $http_upgrade;
+     proxy_set_header Connection $http_connection;
+
+     # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+     proxy_buffering off;
   }
 }
 EOF