diff --git a/hosting/kubernetes/nginx/nginx.conf b/hosting/kubernetes/nginx/nginx.conf
index 2bf512964b..9d03aaab18 100644
--- a/hosting/kubernetes/nginx/nginx.conf
+++ b/hosting/kubernetes/nginx/nginx.conf
@@ -22,7 +22,7 @@ http {
   # buffering
   client_body_buffer_size 1K;
   client_header_buffer_size 1k;
-  client_max_body_size 1k;
+  client_max_body_size 10M;
   ignore_invalid_headers off;
   proxy_buffering off;
 
@@ -36,20 +36,28 @@ http {
 
   server { 
     listen       10000 default_server;
+    listen  [::]:10000 default_server;
     server_name  _;
+    port_in_redirect off;
 
     # Security Headers
     add_header X-Frame-Options SAMEORIGIN always;
     add_header X-Content-Type-Options nosniff always;
     add_header X-XSS-Protection "1; mode=block" always;
-    add_header Content-Security-Policy  "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-iam.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me; frame-src 'self'; img-src https: data:; manifest-src 'self'; media-src 'self'; worker-src 'none';" always;
+    add_header Content-Security-Policy  "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-iam.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me; frame-src 'self'; img-src http: https: data:; manifest-src 'self'; media-src 'self'; worker-src 'none';" always;
 
     location /app {
-      proxy_pass      http://app-service:4002;
+      proxy_pass      http://app-service.budibase.svc.cluster.local:4002;
       rewrite ^/app/(.*)$ /$1 break;
     }
 
     location = / {
+      proxy_http_version  1.1;
+      proxy_set_header    Connection          $connection_upgrade;
+      proxy_set_header    Upgrade             $http_upgrade;
+      proxy_set_header    Host                $host;
+      proxy_set_header    X-Real-IP           $remote_addr;
+      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
       proxy_pass      http://app-service.budibase.svc.cluster.local:4002;
     }
 
@@ -63,16 +71,22 @@ http {
       proxy_pass      http://app-service.budibase.svc.cluster.local:4002;
     }
 
-    location ^/(builder|app_) {
+    location ~ ^/(builder|app_) {
+      proxy_http_version  1.1;
+      proxy_set_header    Connection          $connection_upgrade;
+      proxy_set_header    Upgrade             $http_upgrade;
+      proxy_set_header    Host                $host;
+      proxy_set_header    X-Real-IP           $remote_addr;
+      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
       proxy_pass      http://app-service.budibase.svc.cluster.local:4002;
     }
 
     location ~ ^/api/(system|admin|global)/ {
-      proxy_pass      http://worker-service.budibase.svc.cluster.local:4003;
+      proxy_pass      http://worker-service.budibase.svc.cluster.local:4001;
     }
 
     location /worker/ {
-      proxy_pass      http://worker-service.budibase.svc.cluster.local:4003;
+      proxy_pass      http://worker-service.budibase.svc.cluster.local:4001;
       rewrite ^/worker/(.*)$ /$1 break;
     }
 
@@ -105,11 +119,11 @@ http {
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Host $http_host;
+      proxy_set_header Connection "";
+      proxy_http_version 1.1;
+      chunked_transfer_encoding off;
 
       proxy_connect_timeout 300;
-      proxy_http_version 1.1;
-      proxy_set_header Connection "";
-      chunked_transfer_encoding off;
       proxy_pass      http://minio-service.budibase.svc.cluster.local:9000;
     }
 
diff --git a/hosting/proxy/nginx.conf b/hosting/proxy/nginx.conf
index 7a8a44e2d8..ff12e2f49e 100644
--- a/hosting/proxy/nginx.conf
+++ b/hosting/proxy/nginx.conf
@@ -24,7 +24,6 @@ http {
   client_header_buffer_size 1k;
   client_max_body_size 1k;
   ignore_invalid_headers off;
-  proxy_buffering off;
 
 
   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -37,16 +36,18 @@ http {
 
   server { 
     listen       10000 default_server;
+    listen  [::]:10000 default_server;
     server_name  _;
     client_max_body_size 1000m;
     ignore_invalid_headers off;
     proxy_buffering off;
+    port_in_redirect off;
 
     # Security Headers
     add_header X-Frame-Options SAMEORIGIN always;
     add_header X-Content-Type-Options nosniff always;
     add_header X-XSS-Protection "1; mode=block" always;
-    add_header Content-Security-Policy  "default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-iam.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me; frame-src 'self'; img-src https: data:; manifest-src 'self'; media-src 'self'; worker-src 'none';" always;
+    add_header Content-Security-Policy  "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-iam.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me; frame-src 'self'; img-src http: https: data:; manifest-src 'self'; media-src 'self'; worker-src 'none';" always;
 
     location /app {
       proxy_pass      http://app-service:4002;
@@ -54,6 +55,7 @@ http {
     }
 
     location = / {
+      port_in_redirect off;
       proxy_pass      http://app-service:4002;
     }
 
@@ -62,6 +64,7 @@ http {
     }
 
     location /builder/ {
+      port_in_redirect off;
       proxy_http_version  1.1;
       proxy_set_header    Connection          $connection_upgrade;
       proxy_set_header    Upgrade             $http_upgrade;
@@ -71,7 +74,14 @@ http {
       proxy_pass      http://app-service:4002;
     }
 
-    location ^/(builder|app_) {
+    location ~ ^/(builder|app_) {
+      port_in_redirect off;
+      proxy_http_version  1.1;
+      proxy_set_header    Connection          $connection_upgrade;
+      proxy_set_header    Upgrade             $http_upgrade;
+      proxy_set_header    Host                $host;
+      proxy_set_header    X-Real-IP           $remote_addr;
+      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
       proxy_pass      http://app-service:4002;
     }
 
diff --git a/packages/cli/src/hosting/index.js b/packages/cli/src/hosting/index.js
index ecf3b710b2..2b147810b4 100644
--- a/packages/cli/src/hosting/index.js
+++ b/packages/cli/src/hosting/index.js
@@ -15,7 +15,7 @@ const makeEnv = require("./makeEnv")
 const axios = require("axios")
 const AnalyticsClient = require("../analytics/Client")
 
-const BUDIBASE_SERVICES = ["app-service", "worker-service"]
+const BUDIBASE_SERVICES = ["app-service", "worker-service", "proxy-service"]
 const ERROR_FILE = "docker-error.log"
 const FILE_URLS = [
   "https://raw.githubusercontent.com/Budibase/budibase/master/hosting/docker-compose.yaml",