diff --git a/roles/bitwarden/defaults/main.yml b/roles/bitwarden/defaults/main.yml index e9e572c..53d6d92 100644 --- a/roles/bitwarden/defaults/main.yml +++ b/roles/bitwarden/defaults/main.yml @@ -1,5 +1,6 @@ bitwarden_name: bitwarden bitwarden_root: "/var/lib/{{ bitwarden_name }}" bitwarden_database: "{{ bitwarden_name }}" +bitwarden_realips: "172.16.0.0/12" bitwarden_standalone: false bitwarden_production: false diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml index 7f9a6b3..6c7f16b 100644 --- a/roles/bitwarden/tasks/main.yml +++ b/roles/bitwarden/tasks/main.yml @@ -65,6 +65,12 @@ when: not bitwarden_standalone notify: rebuild_bitwarden +- name: Define reverse proxy servers + lineinfile: + path: "{{ bitwarden_root }}/bwdata/config.yml" + line: "- {{ bitwarden_realips }}" + insertafter: "^real_ips" + - name: Install Bitwarden systemd service template: src: bitwarden.service.j2 diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index f48fd62..328afb9 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -14,5 +14,9 @@ gitea_dbhost: host.docker.internal gitea_dbname: "{{ gitea_name }}" gitea_dbuser: "{{ gitea_name }}" +# proxy settings +gitea_proxy_limit: "1" +gitea_trusted_proxies: "172.16.0.0/12" + # host gitea_root: "{{ docker_compose_root }}/{{ gitea_name }}" diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml new file mode 100644 index 0000000..9605ef0 --- /dev/null +++ b/roles/gitea/handlers/main.yml @@ -0,0 +1,5 @@ +- name: Restart Gitea + service: + name: "{{ docker_compose_service }}@{{ gitea_name }}" + state: restarted + listen: restart_gitea diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 8a382d8..c276818 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml 
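Review bot: The default `bitwarden_realips: "172.16.0.0/12"` makes the service accept forwarded client-IP headers from every address in that private range, not only from the reverse proxy. Any other container or host in that range that can reach the service would then have its claimed client address taken at face value, which weakens IP-based rate limiting and the source addresses recorded in logs. The same range is the default for `gitea_trusted_proxies` in roles/gitea/defaults/main.yml. Consider defaulting both to the proxy's own network or address and putting a comment above each variable, for example `# CIDR of the reverse proxy only; every address listed here may set the client IP`.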
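Review bot: The added `lineinfile` task in roles/bitwarden/tasks/main.yml has no `regexp`, so changing `bitwarden_realips` later adds a second entry and leaves the old range trusted in config.yml. If `^real_ips` matches nothing in the file, `insertafter` falls back to end of file and the list item lands outside the `real_ips` key. The task also lacks `notify: rebuild_bitwarden`, which the preceding task (its start is outside the hunk) uses, so the edit probably does not reach the generated nginx config until something else triggers a rebuild. Managing the key with a marked `blockinfile` block or a template, plus the notify, would keep the trusted list equal to the variable.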
@@ -73,11 +73,13 @@ template: src: docker-compose.yml.j2 dest: "{{ gitea_root }}/docker-compose.yml" + notify: restart_gitea - name: Install Gitea's docker-compose variables template: src: compose-env.j2 dest: "{{ gitea_root }}/.env" + notify: restart_gitea - name: Start and enable Gitea service service: diff --git a/roles/gitea/templates/compose-env.j2 b/roles/gitea/templates/compose-env.j2 index b88eb24..e540e17 100644 --- a/roles/gitea/templates/compose-env.j2 +++ b/roles/gitea/templates/compose-env.j2 @@ -10,6 +10,8 @@ gitea_dbhost={{ gitea_dbhost }} gitea_dbname={{ gitea_dbname }} gitea_dbuser={{ gitea_dbuser }} gitea_dbpass={{ gitea_dbpass }} +gitea_proxy_limit={{ gitea_proxy_limit }} +gitea_trusted_proxies={{ gitea_trusted_proxies }} {% if not gitea_signup %} gitea_disable_registration=true {% else %} diff --git a/roles/gitea/templates/docker-compose.yml.j2 b/roles/gitea/templates/docker-compose.yml.j2 index a87022f..4a3dac6 100644 --- a/roles/gitea/templates/docker-compose.yml.j2 +++ b/roles/gitea/templates/docker-compose.yml.j2 @@ -20,6 +20,8 @@ services: - GITEA__database__NAME=${gitea_dbname} - GITEA__database__USER=${gitea_dbuser} - GITEA__database__PASSWD=${gitea_dbpass} + - GITEA__security__REVERSE_PROXY_LIMIT=${gitea_proxy_limit} + - GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES=${gitea_trusted_proxies} - GITEA__service__DISABLE_REGISTRATION=${gitea_disable_registration} volumes: - {{ gitea_volume }}:/data