diff --git a/apps/oauth2-proxy/values.yaml b/apps/oauth2-proxy/values.yaml
index f9484a3..4219221 100644
--- a/apps/oauth2-proxy/values.yaml
+++ b/apps/oauth2-proxy/values.yaml
@@ -11,8 +11,8 @@ oauth2-proxy:
 github_users = "amkartashov"
 proxy_prefix = "/"
 whitelist_domains = ".ioot.xyz"
- cookie_refresh = "1h"
- cookie_expire = "168h0m"
+ cookie_refresh = "1m"
+ cookie_expire = "30m"
 cookie_secure = "true"
 cookie_domains = ".ioot.xyz"
 ssl_insecure_skip_verify = "true"
@@ -21,6 +21,7 @@ oauth2-proxy:
 pass_user_headers = "true"
 set_authorization_header = "true"
 pass_authorization_header = "true"
+ set_xauthrequest = true
 ingress:
 enabled: true
diff --git a/apps/system/cilium/values.yaml b/apps/system/cilium/values.yaml
index cc12d95..c4dae7b 100644
--- a/apps/system/cilium/values.yaml
+++ b/apps/system/cilium/values.yaml
@@ -17,9 +17,9 @@ cilium:
 kubernetes.io/ingress.class: nginx
 kubernetes.io/tls-acme: "true"
 cert-manager.io/cluster-issuer: letsencrypt
- nginx.ingress.kubernetes.io/auth-url: "http://oauth2-proxy.oauth2-proxy.svc.cluster.local/auth"
+ nginx.ingress.kubernetes.io/auth-url: "https://oauth2.ioot.xyz/auth"
 nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.ioot.xyz/start?rd=$escaped_request_uri"
- nginx.ingress.kubernetes.io/auth-response-headers: "authorization"
+ nginx.ingress.kubernetes.io/auth-response-headers: "x-auth-request-user, x-auth-request-email, x-auth-request-access-token"
 hosts:
 - hubble.ioot.xyz
 tls:
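Review bot: The new `cookie_refresh = "1m"` leans on frequent re-validation of the session against the provider, but the context line `ssl_insecure_skip_verify = "true"` in the same block suggests those provider calls are made without certificate validation. If that flag means what its name says, the check that is supposed to revoke access within a minute can be answered by an unauthenticated peer, and the user's token is sent over that connection more often than before. I would set `ssl_insecure_skip_verify = "false"` (or drop the key) alongside this change unless something outside the hunk requires it. A one-line comment above the two cookie settings recording why 30m/1m were chosen would also help the next reader.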
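Review bot: The added `set_xauthrequest = true` is a bare boolean while every neighbouring setting in this block is a quoted string (`pass_user_headers = "true"` and so on), so the file now mixes two spellings for the same kind of value. Pick one form for the whole block; if the quoted style is kept, this line becomes `set_xauthrequest = "true"`. Because this switch makes oauth2-proxy emit `X-Auth-Request-*` response headers, a short comment naming the consumer (the Hubble ingress in the cilium values) would make the dependency visible from this file.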
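Review bot: The new `auth-response-headers` value forwards `x-auth-request-access-token` to the Hubble backend, which hands the user's GitHub OAuth token to a service that, from what this hunk shows, only needs to know who the user is. I would limit the list to identity headers, `nginx.ingress.kubernetes.io/auth-response-headers: "x-auth-request-user, x-auth-request-email"`, and add the token back only if a consumer is known to need it. Separately, `auth-url` now points at the public `https://oauth2.ioot.xyz/auth` instead of the in-cluster service, so every auth subrequest depends on external DNS and the public ingress path. nginx does not verify upstream certificates by default, so it is worth confirming that the controller validates that endpoint, or keeping the subrequest on the cluster-internal service.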