diff --git a/k8s/README.md b/k8s/README.md index 4f8c348..4b9513c 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -73,6 +73,11 @@ k apply -f openebs/storageclass.yml Switching to [Bitnami chart](https://artifacthub.io/packages/helm/bitnami/minio) as "normal" chart just too big. +Links: + +* [minio-console.haumdaucher.de](minio-console.haumdaucher.de) +* [minio.haumdaucher.de](minio.haumdaucher.de) + ```sh helm repo update helm upgrade --install -f minio/minio.secret.yaml --namespace minio --create-namespace minio bitnami/minio diff --git a/k8s/minio/minio.secret.yaml b/k8s/minio/minio.secret.yaml index 1a64200..e11e6a0 100644 Binary files a/k8s/minio/minio.secret.yaml and b/k8s/minio/minio.secret.yaml differ diff --git a/k8s/nextcloud/nextcloud.secret.yml b/k8s/nextcloud/nextcloud.secret.yml index 8ef6f06..63879a1 100644 --- a/k8s/nextcloud/nextcloud.secret.yml +++ b/k8s/nextcloud/nextcloud.secret.yml 
@@ -1,18 +1,64 @@ +phpClientHttpsFix: + enabled: "true" + protocol: "https" + ingress: enabled: true + ingressClass: nginx annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" cert-manager.io/cluster-issuer: "letsencrypt-prod" + kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/proxy-body-size: 4G + nginx.ingress.kubernetes.io/server-snippet: |- + server_tokens off; + proxy_hide_header X-Powered-By; + + rewrite ^/.well-known/webfinger /public.php?service=webfinger last; + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:autotest|occ|issue|indie|db_|console) { + deny all; + } tls: - hosts: - "cloud.haumdaucher.de" secretName: cloud-haumdaucher-de + nextcloud: host: "cloud.haumdaucher.de" username: admin password: loKeengoo6OoZaevahZai4Hie + configs: + proxy.config.php: |- + array( + 0 => '127.0.0.1', + 1 => '10.0.0.0/8', + 2 => '136.243.23.215', + ), + 'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'), + ); cronjob: enabled: true internalDatabase:
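Review bot: The `trusted_proxies` list added to `proxy.config.php` under `nextcloud.configs` includes `1 => '10.0.0.0/8'`, so Nextcloud will honour `X-Forwarded-For` from any peer in that range rather than only from the ingress controller; if the pod network sits inside 10/8 (not visible here), any workload in the cluster can present a forged client address to the brute-force throttle and the audit log. Narrow that entry to the controller's own range, e.g. `1 => '<ingress-controller pod CIDR>',`. The same hunk sets `nginx.ingress.kubernetes.io/enable-cors: "true"` without a `cors-allow-origin` annotation, which leaves ingress-nginx on its `*` default; either drop the two CORS annotations or add `nginx.ingress.kubernetes.io/cors-allow-origin: "https://cloud.haumdaucher.de"`. Separately, this file is rendered as text while `k8s/minio/minio.secret.yaml` is reported as binary, which suggests the `.yml` name may not be covered by whatever encrypts the `.yaml` secrets; if so, `nextcloud.password` is committed in the clear and should be rotated once the file is protected.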