diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml
index 8d61b273324f6d6044d14912f695126c7f0471c0..f247cf673b20b929c20dbde9d5649cc8b309486f 100644
--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@@ -28,7 +28,7 @@ glob_nginx:
   default_ssl_domain: crans.org
   real_ip_from:
     - "172.16.0.0/16"
-    - "fd00:0:0:10::/64"
+    - "fd00::/56"
   deploy_robots_file: false
 
 glob_prometheus_nginx_exporter:
diff --git a/host_vars/rodauh.cachan-adm.crans.org.yml b/host_vars/rodauh.cachan-adm.crans.org.yml
index 6e83805e2cddec7ce55565a423eaefe39c4ef158..54005bcdb9241a45bff4dac2b9cbe035636f815a 100644
--- a/host_vars/rodauh.cachan-adm.crans.org.yml
+++ b/host_vars/rodauh.cachan-adm.crans.org.yml
@@ -26,6 +26,17 @@ loc_certbot:
     certname: crans.org
     domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
 
+loc_nginx:
+  servers: []
+  ssl:
+    - name: crans.org
+      cert: /etc/letsencrypt/live/crans.org/fullchain.pem
+      cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
+      trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
+  real_ip_from:
+    - "172.17.0.0/16"
+    - "fd00:0:0:3000::/56"
+
 loc_reverseproxy:
   reverseproxy_sites:
     - {from: ftps.crans.org, to: 172.17.10.30}