diff --git a/ingress-external-devices/ceph.yaml b/ingress-external-devices/ceph.yaml
index 98a2d05..14f75c4 100644
--- a/ingress-external-devices/ceph.yaml
+++ b/ingress-external-devices/ceph.yaml
@@ -4,6 +4,7 @@ metadata:
   name: ceph-dashboard
   namespace: ingress-external
 spec:
+  type: ClusterIP
   ports:
     - name: https
       port: 8443
@@ -16,15 +17,10 @@ metadata:
   namespace: ingress-external
 subsets:
   - addresses:
-      #- ip: fd00:0:0:2::61
-      #- ip: fd00:0:0:2::62
-      #- ip: fd00:0:0:2::63
-      # optional IPv4 too, but usually one family is enough:
-      # - ip: 10.0.2.61
-      # - ip: 10.0.2.62
-       - ip: 10.0.2.63
+      - ip: 10.0.2.63
     ports:
-      - port: 8443
+      - name: https
+        port: 8443
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -35,15 +31,19 @@ metadata:
     kubernetes.io/ingress.class: nginx
     cert-manager.io/cluster-issuer: letsencrypt
 
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
 
     nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
+
+    nginx.ingress.kubernetes.io/service-upstream: "true"
+
+    nginx.ingress.kubernetes.io/upstream-vhost: "hyper1.undercloud.local"
+    nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
+    nginx.ingress.kubernetes.io/proxy-ssl-name: "hyper1.undercloud.local"
+
     nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
-
-    nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout http_500 http_502 http_503 http_504"
-    nginx.ingress.kubernetes.io/proxy-next-upstream-tries: "3"
 spec:
   tls:
     - hosts: