diff --git a/terranix/containers/ingress-blowhole/hass.conf b/terranix/containers/ingress-blowhole/hass.conf
new file mode 100644
index 0000000..bac0349
--- /dev/null
+++ b/terranix/containers/ingress-blowhole/hass.conf
@@ -0,0 +1,14 @@
+include /local/security.conf;
+
+location / {
+  include /local/headers.conf;
+
+  proxy_http_version 1.1;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection "upgrade";
+
+  proxy_pass http://home-assistant/;
+
+  # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+  proxy_buffering off;
+}
\ No newline at end of file
diff --git a/terranix/containers/ingress-blowhole/jellyfin.conf b/terranix/containers/ingress-blowhole/jellyfin.conf
new file mode 100644
index 0000000..fb9b90b
--- /dev/null
+++ b/terranix/containers/ingress-blowhole/jellyfin.conf
@@ -0,0 +1,27 @@
+include /local/security.conf;
+
+client_max_body_size 100M;
+
+location / {
+  # Proxy main Jellyfin traffic
+
+  # The / at the end is significant.
+  # https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
+
+  proxy_pass http://jellyfin/;
+
+  proxy_pass_request_headers on;
+
+  proxy_set_header Host $host;
+
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header X-Forwarded-Proto $scheme;
+  proxy_set_header X-Forwarded-Host $http_host;
+
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection $http_connection;
+
+  # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+  proxy_buffering off;
+}
\ No newline at end of file
diff --git a/terranix/containers/ingress-blowhole/job.hcl b/terranix/containers/ingress-blowhole/job.hcl
index ee9c56c..3fe2bdb 100644
--- a/terranix/containers/ingress-blowhole/job.hcl
+++ b/terranix/containers/ingress-blowhole/job.hcl
@@ -294,9 +294,17 @@ EOF
       }
 
       template {
-        data = var.
+        data = var.jellyfin
 
-        destination   = "local/upstreams.conf"
+        destination   = "local/jellyfin.conf"
+        change_mode   = "signal"
+        change_signal = "SIGHUP"
+      }
+
+      template {
+        data = var.hass
+
+        destination   = "local/hass.conf"
         change_mode   = "signal"
         change_signal = "SIGHUP"
       }
diff --git a/terranix/containers/ingress-blowhole/upstreams.conf b/terranix/containers/ingress-blowhole/upstreams.conf
index 8e7bb79..338b05b 100644
--- a/terranix/containers/ingress-blowhole/upstreams.conf
+++ b/terranix/containers/ingress-blowhole/upstreams.conf
@@ -39,7 +39,7 @@ server {
 
   server_name jellyfin.in.redalder.org;
 
-  include /local/jellyfin.conf
+  include /local/jellyfin.conf;
 }
 
 server {
@@ -47,7 +47,7 @@ server {
 
   server_name _;
 
-  include /local/jellyfin.conf
+  include /local/jellyfin.conf;
 }
 
 
@@ -70,7 +70,7 @@ server {
 
   server_name hass.in.redalder.org;
 
-  include /local/hass.conf
+  include /local/hass.conf;
 }
 
 server {
@@ -80,10 +80,7 @@ server {
 
   include /local/security.conf;
 
-  location / {
-    include /local/headers.conf;
-    include /local/hass.conf
-  }
+  include /local/hass.conf;
 }
 
 server {