diff --git a/hosts/tls_sni.nix b/hosts/tls_sni.nix
index b870e92..58e2195 100644
--- a/hosts/tls_sni.nix
+++ b/hosts/tls_sni.nix
@@ -3,31 +3,28 @@
     services.nginx = {
         streamConfig = ''
             map $ssl_preread_server_name $target_backend {
-                md.gvfr.de rupert;
-                rupert.gvfr.de rupert;
-                default localserv;
+                default         rupert;
+                md.gvfr.de      rupert;
+                rupert.gvfr.de  rupert;
+                git.25120.org   localserv;
             }
 
             upstream rupert {
-                server rupert.gvfr.de:4431;
+                zone upstream_rupert 64k;
+
+                server rupert.gvfr.de:4431 resolve;
+                resolver 9.9.9.9 ipv4=off ipv6=on;
             }
 
             upstream localserv {
-                server localhost:4431;
+                server 127.0.0.1:4431;
             }
 
             server {
                 listen 443;
                 ssl_preread on;
-
-                # proxy_connect_timeout 1s;
-                # proxy_timeout 3s;
-                # resolver 1.1.1.1;
-
-                proxy_pass $target_backend;
-                proxy_next_upstream off;
-
                 proxy_protocol on;
+                proxy_pass $target_backend;
             }
         '';