diff --git a/utils/modules/zammad/default.nix b/utils/modules/zammad/default.nix
index 3113003..20a02b4 100644
--- a/utils/modules/zammad/default.nix
+++ b/utils/modules/zammad/default.nix
@@ -68,6 +68,9 @@
       ;
     };
     locations."/auth/sso" = {
+      proxyPass = "http://127.0.0.1:6042";
+      proxyWebsockets = true;
+
       extraConfig = ''
         # Basic Authelia Config
         # Send a subsequent request to Authelia to verify if the user is authenticated
@@ -84,10 +87,10 @@
         auth_request_set $groups $upstream_http_remote_groups;
         auth_request_set $name $upstream_http_remote_name;
         auth_request_set $email $upstream_http_remote_email;
-        proxy_set_header X-Forwarded-User $user;
-        proxy_set_header X-Forwarded-Groups $groups;
-        proxy_set_header X-Forwarded-Name $name;
-        proxy_set_header X-Forwarded-Email $email;
+        proxy_set_header Remote-User $user;
+        proxy_set_header Remote-Groups $groups;
+        proxy_set_header Remote-Name $name;
+        proxy_set_header Remote-Email $email;
         # If Authelia returns 401, then nginx redirects the user to the login portal.
         # If it returns 200, then the request pass through to the backend.
         # For other type of errors, nginx will handle them as usual.