diff --git a/nexcloud/values.yaml b/nexcloud/values.yaml
index c809379..93685ad 100644
--- a/nexcloud/values.yaml
+++ b/nexcloud/values.yaml
@@ -60,9 +60,17 @@ nextcloud:
         $CONFIG = array (
           'overwritehost' => 'cloud.limbosolutions.com',
           'overwrite.cli.url' => 'https://cloud.limbosolutions.com',
-          'overwriteprotocol' => 'https'
+          'overwriteprotocol' => 'https',
+          'trusted_proxies' => array ( 0 => '127.0.0.1', 1 => '::1', 2 => '10.0.0.0'),
+        );
+    
+    # A value of 1 e.g. will only run these background jobs between 01:00am UTC and 05:00am UTC:
+    # https://docs.nextcloud.com/server/30/admin_manual/configuration_server/background_jobs_configuration.html
+    maintenance.config.php: |-
+      <?php
+        $CONFIG = array (
+          'maintenance_window_start' => 1,
         );
-
 # nextcloud:
 #   configs:
 #     logging.config.php: |-
@@ -82,6 +90,20 @@ ingress:
     kubernetes.io/ingress.class: traefik
     cert-manager.io/cluster-issuer: "letsencrypt-prod"
     traefik.ingress.kubernetes.io/router.entrypoints: websecure,public-https
+
+    # traefik.public-https.redirect.permanent: 'true'
+    # traefik.public-https.redirect.regex: 'https://(.*)/.well-known/(?:card|cal)dav'
+    # traefik.public-https.redirect.replacement: 'https://$$1/remote.php/dav'
+    # traefik.public-https.headers.STSPreload: 'true'
+    # traefik.public-https.headers.STSSeconds: '15552000'
+    # traefik.public-https.routers.nextcloud.middlewares: 'nextcloudHeader'
+
+    # traefik.web-secure.routers.nextcloud.middlewares: 'nextcloudHeader'
+    # traefik.websecure.headers.STSPreload: 'true'
+    # traefik.websecure.headers.STSSeconds: '15552000'
+    # traefik.websecure.redirect.permanent: 'true'
+    # traefik.websecure.redirect.regex: 'https://(.*)/.well-known/(?:card|cal)dav'
+    # traefik.websecure.redirect.replacement: 'https://$$1/remote.php/dav'
   # hosts:
   #   - host: cloud.limbosolutions.com
   #     paths: