diff --git a/rootfs/etc/nginx/conf.d/default.conf b/rootfs/etc/nginx/conf.d/default.conf
index 3d1d729..50e7451 100644
--- a/rootfs/etc/nginx/conf.d/default.conf
+++ b/rootfs/etc/nginx/conf.d/default.conf
@@ -1,27 +1,20 @@
-map $http_x_forwarded_port $nc_port {
-  default "$http_x_forwarded_port";
-  ''      "$server_port";
-}
-
-map $http_x_forwarded_proto $nc_proto {
-  default "$http_x_forwarded_proto";
-  ''      "$scheme";
-}
-
 server {
         listen 8888;
         root /nextcloud;
 
+        # Emit relative redirects (protocol handled by reverse proxy)
+        absolute_redirect off;
+
         fastcgi_buffers 64 4K;
         fastcgi_hide_header X-Powered-By;
         large_client_header_buffers 4 16k;
+        client_body_timeout 300s;
 
         add_header Referrer-Policy "no-referrer" always;
         add_header X-Content-Type-Options "nosniff" always;
         add_header X-Frame-Options "SAMEORIGIN" always;
         add_header X-Permitted-Cross-Domain-Policies "none" always;
         add_header X-Robots-Tag "noindex, nofollow" always;
-        add_header X-XSS-Protection "0" always;
 
         location = /robots.txt {
             allow all;
@@ -30,14 +23,18 @@ server {
         }
 
         location ^~ /.well-known {
-            location = /.well-known/carddav   { return 301 $nc_proto://$host/remote.php/dav/; }
-            location = /.well-known/caldav    { return 301 $nc_proto://$host/remote.php/dav/; }
-            location ^~ /.well-known          { return 301 $nc_proto://$host/index.php$uri;  }
-            try_files $uri $uri/ =404;
+            location = /.well-known/carddav { return 301 /remote.php/dav/; }
+            location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+
+            return 301 /index.php$request_uri;
         }
 
         location / {
-            rewrite ^ /index.php$uri;
+            rewrite ^ /index.php$request_uri;
+        }
+
+        location /remote {
+            return 301 /remote.php$request_uri;
         }
 
         location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) {
@@ -48,9 +45,9 @@ server {
             return 404;
         }
 
-        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
+        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy)\.php(?:$|\/) {
             include /etc/nginx/fastcgi_params;
-            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             fastcgi_param PATH_INFO $fastcgi_path_info;
             fastcgi_param modHeadersAvailable true;
@@ -61,25 +58,20 @@ server {
             fastcgi_read_timeout 1200;
         }
 
-        location ~ ^\/(?:updater|ocs-provider)(?:$|\/) {
+        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
             try_files $uri/ =404;
             index index.php;
         }
 
-        location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
-            try_files $uri /index.php$uri$is_args$args;
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|jpeg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
+            try_files $uri /index.php$request_uri;
             expires 6M;
             access_log off;
         }
 
-        location ~ \.(otf|woff2)?$ {
-            try_files $uri /index.php$uri$is_args$args;
+        location ~ \.(otf|woff2?)$ {
+            try_files $uri /index.php$request_uri;
             expires 7d;
             access_log off;
         }
-
-        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
-            try_files $uri /index.php$uri$is_args$args;
-            access_log off;
-        }
 }