diff --git a/pkg/rockpool/k3d.go b/pkg/rockpool/k3d.go index 2262883..af8a2e8 100644 --- a/pkg/rockpool/k3d.go +++ b/pkg/rockpool/k3d.go @@ -137,13 +137,19 @@ func (r *Rockpool) CreateCluster(cn string) { if cn == r.ControllerClusterName() { cmdArgs = append(cmdArgs, - "-p", "80:80@loadbalancer", - "-p", "443:443@loadbalancer", - "-p", "2022:22@loadbalancer", + "--port", "80:80@loadbalancer", + "--port", "443:443@loadbalancer", + "--port", "2022:22@loadbalancer", // Required for cross-cluster amqp. - "-p", "5672:5672@loadbalancer", - "-p", "6153:6153/udp@loadbalancer", - "-p", "6153:6153/tcp@loadbalancer", + "--port", "5672:5672@loadbalancer", + "--port", "6153:6153/udp@loadbalancer", + "--port", "6153:6153/tcp@loadbalancer", + ) + } else { // Target cluster exposed ports. + cmdArgs = append(cmdArgs, + // Expose arbitrary ports for ingress-nginx. + "--port", "80@loadbalancer", + "--port", "443@loadbalancer", ) } diff --git a/pkg/rockpool/lagoon-components.go b/pkg/rockpool/lagoon-components.go index de5cf4b..3f54e50 100644 --- a/pkg/rockpool/lagoon-components.go +++ b/pkg/rockpool/lagoon-components.go @@ -10,14 +10,14 @@ import ( "github.com/yusufhm/rockpool/internal" ) -func (r *Rockpool) InstallIngressNginx() { - cn := r.ControllerClusterName() +func (r *Rockpool) InstallIngressNginx(cn string) { _, err := r.HelmInstallOrUpgrade(cn, "ingress-nginx", "ingress-nginx", "https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-3.40.0/ingress-nginx-3.40.0.tgz", []string{ "--create-namespace", "--wait", "--set", "controller.config.ssl-redirect=false", "--set", "controller.config.proxy-body-size=8m", + "--set", "server-name-hash-bucket-size=128", }, ) if err != nil { diff --git a/pkg/rockpool/rockpool.go b/pkg/rockpool/rockpool.go index 3c0d232..142d1ac 100644 --- a/pkg/rockpool/rockpool.go +++ b/pkg/rockpool/rockpool.go 
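Review bot: The two mappings added in the new `else` branch, `"80@loadbalancer"` and `"443@loadbalancer"`, carry no host address, so Docker will normally publish each target cluster's ingress on all host interfaces at a random host port rather than on loopback only. If the targets only need to be reached from this machine or through the controller proxy, prefix the spec with a host address (k3d's port format allows an optional leading host), or at least record the exposure with a comment such as `// No host address: published on all host interfaces, on a random host port.` The controller mappings for 2022, 5672 and 6153 have the same property, though this hunk only renames their flag from `-p` to `--port`. CreateCluster starts and ends outside the hunk, so how `cmdArgs` is built and executed is not visible here.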
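Review bot: The added `"--set", "server-name-hash-bucket-size=128"` lacks the `controller.config.` prefix that the two settings above it use, so Helm would set a top-level chart value instead of an entry in the controller ConfigMap, and the nginx option most likely never takes effect. The line probably should read `"--set", "controller.config.server-name-hash-bucket-size=128",`. Separately, InstallIngressNginx now runs against every target cluster as well as the controller, and it still fetches the chart tarball by URL with no digest or provenance check visible in this hunk; pinning a checksum would be a worthwhile follow-up. The function body continues past the end of the hunk.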
@@ -97,6 +97,8 @@ func (r *Rockpool) Up(clusters []string) { } r.WgWait() + r.SetupNginxReverseProxyForRemotes() + // Do the following serially so as not to run into // race conditions while doing the restarts. for _, c := range setupTargets { @@ -168,7 +170,7 @@ func (r *Rockpool) SetupLagoonController() { r.InstallMailHog() r.HelmList(r.ControllerClusterName()) - r.InstallIngressNginx() + r.InstallIngressNginx(r.ControllerClusterName()) r.InstallCertManager() r.InstallDnsmasq() @@ -194,6 +196,7 @@ func (r *Rockpool) SetupLagoonTarget(cn string) { r.HelmList(cn) r.ConfigureTargetCoreDNS(cn) + r.InstallIngressNginx(cn) r.InstallNfsProvisioner(cn) r.InstallMariaDB(cn) r.InstallLagoonRemote(cn) @@ -209,6 +212,33 @@ func (r *Rockpool) InstallMailHog() { } } +func (r *Rockpool) SetupNginxReverseProxyForRemotes() { + cn := r.ControllerClusterName() + + cm := map[string]interface{}{ + "Name": r.Config.Name, + "Domain": r.Config.Domain, + } + targets := map[int]string{} + for i := 0; i < r.Config.NumTargets; i++ { + targets[i+1] = r.TargetIP(r.TargetClusterName(i + 1)) + } + cm["Targets"] = targets + + patchFile, err := r.RenderTemplate("ingress-nginx-values.yml.tmpl", cm, "") + if err != nil { + fmt.Printf("[%s] error rendering ingress nginx patch template: %s\n", cn, err) + os.Exit(1) + } + + fmt.Printf("[%s] using generated manifest at %s\n", cn, patchFile) + _, err = r.KubeApply(cn, "ingress-nginx", patchFile, true) + if err != nil { + fmt.Printf("[%s] unable to setup nginx reverse proxy: %s\n", cn, internal.GetCmdStdErr(err)) + os.Exit(1) + } +} + func (r *Rockpool) InstallCertManager() { cn := r.ControllerClusterName() _, err := r.KubeApplyTemplate(cn, "", "cert-manager.yaml", true) diff --git a/pkg/rockpool/templates/ingress-nginx-values.yml.tmpl b/pkg/rockpool/templates/ingress-nginx-values.yml.tmpl new file mode 100644 index 0000000..b106e47 --- /dev/null +++ b/pkg/rockpool/templates/ingress-nginx-values.yml.tmpl 
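Review bot: In SetupNginxReverseProxyForRemotes (the hunk at -209), the loop stores whatever `r.TargetIP(...)` returns for every index up to `r.Config.NumTargets`, without checking the value and without regard to the `clusters` argument that Up received at the new call site in the hunk at -97. TargetIP is not visible here, but if it returns an empty string for a target that is not running, the template would render `proxy_pass http:///;` into the controller's http-snippet, and an invalid snippet can stop the controller's nginx configuration from loading at all. A guard before the assignment, such as `if ip == "" { fmt.Printf("[%s] no IP for target %d, skipping\n", cn, i+1); continue }`, or the stricter `net.ParseIP(ip) == nil`, would keep one missing target from breaking ingress for everything else.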
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ingress-nginx-controller
+data:
+ http-snippet: |
+ {{ range $targetId, $targetIp := .Targets }}
+ server {
+ server_name *.{{ $.Name }}{{ $targetId }}.{{ $.Name }}.{{ $.Domain }};
+
+ listen 80;
+ listen [::]:80;
+
+ location / {
+ access_log off;
+ client_max_body_size 8m;
+
+ proxy_connect_timeout 5s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
+
+ proxy_buffering off;
+ proxy_buffer_size 4k;
+ proxy_buffers 4 4k;
+
+ proxy_max_temp_file_size 1024m;
+
+ proxy_request_buffering on;
+ proxy_http_version 1.1;
+
+ proxy_cookie_domain off;
+ proxy_cookie_path off;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://{{ $targetIp }}/;
+ }
+ }
+ {{ end }}
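Review bot: `{{ $.Name }}`, `{{ $.Domain }}` and `{{ $targetIp }}` are written verbatim into `server_name` and `proxy_pass` inside `http-snippet`, which ingress-nginx copies into nginx.conf as raw configuration, so a value containing whitespace, `;` or `{` changes the structure of the generated config instead of being rejected. These values appear to come from the local Rockpool config, so the likely outcome is a broken or surprising config; validating them as DNS labels and IP addresses in Go before rendering would close it. The block also sets `access_log off;`, which leaves no record on the controller of requests relayed to the targets, and it forwards only `X-Real-IP`; consider keeping the access log and adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`.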