diff --git a/.github/workflows/deploy-gke.yaml b/.github/workflows/deploy-gke.yaml
index 078d919..b16ae97 100644
--- a/.github/workflows/deploy-gke.yaml
+++ b/.github/workflows/deploy-gke.yaml
@@ -31,7 +31,7 @@ jobs:
         cd webapp
         docker build \
           --tag docker.io/levaitamas/webrtc-observer-webapp \
-          --build-arg host="wss://webrtc-observer.org:9081" \
+          --build-arg host="wss://webrtc-observer.org:443" \
           .
         cd ../media-server
         docker build \
diff --git a/charts/webrtc-observer-org/README.md b/charts/webrtc-observer-org/README.md
index 5a6808e..da5584d 100644
--- a/charts/webrtc-observer-org/README.md
+++ b/charts/webrtc-observer-org/README.md
@@ -15,6 +15,7 @@ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/
 - nginx-controller ([docs](https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke))
 ```console
 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/cloud/deploy.yaml
+kubectl patch configmap -n ingress-nginx ingress-nginx-controller -p '{"data":{"allow-snippet-annotations": "true"}}'
 ```
 
 - stunner-gateway-operator ([docs](https://docs.l7mp.io/en/stable/INSTALL/))
diff --git a/charts/webrtc-observer-org/templates/mediaserver.yaml b/charts/webrtc-observer-org/templates/mediaserver.yaml
index 8980b4b..de84f8b 100644
--- a/charts/webrtc-observer-org/templates/mediaserver.yaml
+++ b/charts/webrtc-observer-org/templates/mediaserver.yaml
@@ -47,10 +47,10 @@ metadata:
   labels:
     app: mediaserver
 spec:
-  type: LoadBalancer
-  loadBalancerIP: {{ .Values.publicIP }}
+  type: ClusterIP
   ports:
-  - port: 9081
+  - port: 443
+    targetPort: 9081
     protocol: TCP
     name: mediaserver-ws
   selector:
diff --git a/charts/webrtc-observer-org/templates/webapp.yaml b/charts/webrtc-observer-org/templates/webapp.yaml
index 2fd7e32..6080b85 100644
--- a/charts/webrtc-observer-org/templates/webapp.yaml
+++ b/charts/webrtc-observer-org/templates/webapp.yaml
@@ -53,9 +53,10 @@ metadata:
   annotations:
     kubernetes.io/ingress.global-static-ip-name: webrtc-observer-org
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    # nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
-    # nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
-    # nginx.org/websocket-services: "mediaserver-ws"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.org/websocket-services: "mediaserver-ws"
 spec:
   ingressClassName: nginx
   tls:
@@ -63,20 +64,20 @@ spec:
         - {{ .Values.domain }}
       secretName: webapp-tls
   rules:
-  - host: {{ .Values.domain }}
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: webapp
-            port:
-              number: 80
-      # - path: /
-      #   pathType: Prefix
-      #   backend:
-      #     service:
-      #       name: mediaserver-ws
-      #       port:
-      #         number: 9081
+    - host: {{ .Values.domain }}
+      http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: mediaserver-ws
+              port:
+                number: 443
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: webapp
+              port:
+                number: 80