diff --git a/group_vars/dch-proxy.yml b/group_vars/dch-proxy.yml
index 0e8efed..0ba6ab5 100644
--- a/group_vars/dch-proxy.yml
+++ b/group_vars/dch-proxy.yml
@@ -89,7 +89,7 @@ dch_proxy_backends:
     servers:
     - name: gitea
       host: 'git0.pyrocufflink.blue:443'
-      options: check
+      options: check send-proxy
 
   jellyfin:
     servers:
diff --git a/roles/gitea/templates/gitea.httpd.conf.j2 b/roles/gitea/templates/gitea.httpd.conf.j2
index dd0044f..f6bc306 100644
--- a/roles/gitea/templates/gitea.httpd.conf.j2
+++ b/roles/gitea/templates/gitea.httpd.conf.j2
@@ -22,6 +22,22 @@ AllowEncodedSlashes NoDecode
 <VirtualHost _default_:443>
     ServerName {{ gitea_http_domain }}
 
+    RemoteIPProxyProtocol On
+    RemoteIPProxyProtocolExceptions \
+        172.30.0.1/32 \
+        172.30.0.2/32 \
+        172.30.0.3/32 \
+        172.30.0.4/32 \
+        172.30.0.5/32 \
+        172.30.0.7/32 \
+        172.30.0.8/29 \
+        172.30.0.16/28 \
+        172.30.0.32/27 \
+        172.30.0.160/27 \
+        172.30.0.192/29 \
+        172.30.0.200/29 \
+        172.31.1.0/24
+
     SSLCertificateFile {{ gitea_ssl_certificate }}
     SSLCertificateKeyFile {{ gitea_ssl_certificate_key }}
     SSLCertificateChainFile {{ gitea_ssl_certificate }}