diff --git a/hosts/Emitter.nix b/hosts/Emitter.nix
index a9c3ff2..2db269a 100644
--- a/hosts/Emitter.nix
+++ b/hosts/Emitter.nix
@@ -100,7 +100,7 @@
 set -e
 echo "Ensuring rupert.gvfr.de is up."
 ${pkgs.dig}/bin/nslookup rupert.gvfr.de
- ${pkgs.unixtools.ping}/bin/ping -c2 rupert.gvfr.de
+ ${pkgs.unixtools.ping}/bin/ping -c1 rupert.gvfr.de >/dev/null
 echo "Opening SSH tunnel."
 ${pkgs.openssh}/bin/ssh -6 -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true
 echo "Beginning backup operation."
@@ -144,13 +144,6 @@
 services.postgresql.package = pkgs.postgresql_13;
- services.logrotate = {
- enable = true;
- settings.nginx = {
- rotate = 2;
- };
- };
-
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It’s perfectly fine and recommended to leave
diff --git a/hosts/forgejo.nix b/hosts/forgejo.nix
index 6d9a789..6b2145d 100644
--- a/hosts/forgejo.nix
+++ b/hosts/forgejo.nix
@@ -126,28 +126,7 @@ in
 extraConfig = ''
 # Maximum upload file size for git-lfs
 client_max_body_size 100M;
-
- set_real_ip_from 127.0.0.1;
- set_real_ip_from ::1;
- real_ip_header proxy_protocol;
- proxy_set_header X-Real-IP $proxy_protocol_addr;
- proxy_set_header X-Fowarded-For $proxy_protocol_addr;
-
- access_log /var/log/nginx/access.${domain}.log combined_realip;
 '';
- locations."/awstats/" = {
- basicAuthFile = "/secrets/webstats_auth";
- };
- };
- };
-
- services.awstats = {
- enable = true;
- updateAt = "hourly";
- configs."${domain}" = {
- logFile = "/var/log/nginx/access.${domain}.log";
- domain = domain;
- webService.enable = true;
 };
 };
diff --git a/hosts/tls_sni.nix b/hosts/tls_sni.nix
index b870e92..be9ce62 100644
--- a/hosts/tls_sni.nix
+++ b/hosts/tls_sni.nix
@@ -9,7 +9,7 @@
 }
 upstream rupert {
- server rupert.gvfr.de:4431;
+ server rupert.gvfr.de:443;
 }
 upstream localserv {
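Review bot: In the first hunk of hosts/Emitter.nix the reachability probe before the SSH tunnel now depends on a single echo request while the script runs under `set -e`, so one dropped packet aborts the whole backup run. Giving the probe a deadline lets it keep trying until a reply arrives, for example `${pkgs.unixtools.ping}/bin/ping -c1 -w10 rupert.gvfr.de >/dev/null`; this assumes the package resolves to iputils ping, where `-w` keeps sending until the count is answered or the deadline expires. Only stdout is discarded, so failures still reach the journal, and a short comment such as `# stderr kept on purpose so a failed probe is visible in the unit log` would record that intent. The surrounding script starts and ends outside the hunk.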
@@ -18,42 +18,16 @@
 server {
 listen 443;
- ssl_preread on;
 # proxy_connect_timeout 1s;
 # proxy_timeout 3s;
 # resolver 1.1.1.1;
 proxy_pass $target_backend;
- proxy_next_upstream off;
-
- proxy_protocol on;
+ ssl_preread on;
 }
 '';
- defaultListen = [
- {
- addr = "0.0.0.0";
- port = 80;
- ssl = false;
- }
- {
- addr = "[::0]";
- port = 80;
- ssl = false;
- }
- {
- addr = "0.0.0.0";
- port = 4431;
- ssl = true;
- proxyProtocol = true;
- }
- {
- addr = "[::0]";
- port = 4431;
- ssl = true;
- proxyProtocol = true;
- }
- ];
+ defaultSSLListenPort = 4431;
 };
 }
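Review bot: With `proxy_protocol on;` dropped from the stream server here (and the matching `set_real_ip_from` / `real_ip_header` lines removed in hosts/forgejo.nix), the HTTP vhosts behind this SNI proxy will presumably see the proxy's own address as the client, so access logs and any per-IP throttling or ban rules lose the real source address. If that is the accepted trade-off for pointing `rupert` at plain 443, a comment next to `ssl_preread on;` would record it, e.g. `# no PROXY protocol: backends see this proxy's address, not the client's`. Separately, `defaultSSLListenPort = 4431;` leaves the vhosts on nginx's default listen addresses without the PROXY-protocol requirement that the old `defaultListen` entries imposed, so it is worth confirming that 4431 is not among the firewall's allowed TCP ports (the firewall configuration is not visible in this diff). The enclosing attribute set starts outside the hunk.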