diff --git a/docker-compose.base.ops.yml b/docker-compose.base.ops.yml
index 421d65ce29283592bac414a9abe4e636cedc0d42..56a2e14fbd5b41b8e0d2134524727da5a71e350d 100644
--- a/docker-compose.base.ops.yml
+++ b/docker-compose.base.ops.yml
@@ -19,7 +19,7 @@ services:
     environment:
       HTTP_PROXY: "http://172.30.252.68:3128"
       HTTPS_PROXY: "http://172.30.252.68:3128"
-      NO_PROXY: "172.0.0.0/8,192.168.0.0/16,10.0.0.0/8"
+      NO_PROXY: "172.0.0.0/8,192.168.0.0/16,10.0.0.0/8,shibauth"
     deploy:
       placement:
         constraints: [node.role == manager]
@@ -37,13 +37,13 @@ services:
         constraints: [node.role == manager]
       labels:
         # router for basic auth based access (https)
-        - "traefik.http.routers.shibauth.rule=Host(`shib.pdas.prism.eox.at`)"
+        - "traefik.http.routers.shibauth.rule=Host(`emg.pdas.prism.eox.at`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
         - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
         - "traefik.http.routers.shibauth.tls=true"
         - "traefik.http.routers.shibauth.tls.certresolver=default"
         - "traefik.http.routers.shibauth.entrypoints=https"
         # router for basic auth based access (http)
-        - "traefik.http.routers.shibauth-redirect.rule=Host(`shib.pdas.prism.eox.at`)"
+        - "traefik.http.routers.shibauth-redirect.rule=Host(`emg.pdas.prism.eox.at`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
         - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
         - "traefik.http.routers.shibauth-redirect.entrypoints=http"
         # general
diff --git a/shibauth/etc-httpd/conf.d/shib.conf b/shibauth/etc-httpd/conf.d/shib.conf
index 191c4328070622678ff19284eceb24c271e1c4b9..635aa4622281c6dc6cff8f4ff2250f4f78c669e2 100755
--- a/shibauth/etc-httpd/conf.d/shib.conf
+++ b/shibauth/etc-httpd/conf.d/shib.conf
@@ -1,4 +1,4 @@
-ServerName shib.pdas.prism.eox.at
+ServerName emg.pdas.prism.eox.at
 LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
 ShibCompatValidUser Off
 UseCanonicalName On
diff --git a/shibauth/etc-httpd/conf.d/sp.conf b/shibauth/etc-httpd/conf.d/sp.conf
index 9749dc2bfd72b10a8ab9f0d51e6f6b95f49bb144..edfa7e84698603bc22cc75e45bec500d8dac8d78 100755
--- a/shibauth/etc-httpd/conf.d/sp.conf
+++ b/shibauth/etc-httpd/conf.d/sp.conf
@@ -1,7 +1,5 @@
-ServerName shib.pdas.prism.eox.at
-
 <VirtualHost *:80>
-    ServerName https://shib.pdas.prism.eox.at:443
+    ServerName https://emg.pdas.prism.eox.at:443
     UseCanonicalName On
 
     DocumentRoot "/var/www/html"
@@ -9,5 +7,6 @@ ServerName shib.pdas.prism.eox.at
       AuthType shibboleth
       ShibRequestSetting requireSession 1
       require shib-session
+      RequestHeader set Referer X-Forwarded-Uri env=X-Forwarded-Uri
     </Location>
 </VirtualHost>
\ No newline at end of file
diff --git a/traefik-dynamic.yml b/traefik-dynamic.yml
index 896eaef8bc7aa05f4e350ae951af9aece2728160..495ef4ebe69d35abf1ee6835c1427a931cf22431 100644
--- a/traefik-dynamic.yml
+++ b/traefik-dynamic.yml
@@ -22,7 +22,7 @@ http:
           - "***REMOVED***"
     shibAuth:
       forwardAuth:
-        address: https://shibauth/secure
+        address: http://shibauth/secure
         trustForwardHeader: true
     compress:
       compress: {}