diff --git a/apps/system/logging/values.yaml b/apps/system/logging/values.yaml
index ad3b49d..a7acba7 100644
--- a/apps/system/logging/values.yaml
+++ b/apps/system/logging/values.yaml
@@ -30,6 +30,20 @@ graylog:
       enabled: true
       annotations:
         cert-manager.io/cluster-issuer: letsencrypt
+        nginx.ingress.kubernetes.io/auth-url: https://oauth2.gorilych.ru/oauth2/auth
+        nginx.ingress.kubernetes.io/auth-signin: https://oauth2.gorilych.ru/oauth2/start?rd=$scheme://$host$request_uri
+        nginx.ingress.kubernetes.io/auth-response-headers: X-Forwarded-Email,X-Forwarded-User,X-Roles
+        nginx.ingress.kubernetes.io/configuration-snippet: |
+          auth_request_set $name_upstream_1 $upstream_cookie_name_1;
+          auth_request_set $user   $upstream_http_x_auth_request_user;
+          auth_request_set $email  $upstream_http_x_auth_request_email;
+          proxy_set_header X-Forwarded-User  $user;
+          proxy_set_header X-Forwarded-Email $email;
+          access_by_lua_block {
+            if ngx.var.name_upstream_1 ~= "" then
+              ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
+            end
+          }
       hosts:
       - graylog.gorilych.ru
       tls:
diff --git a/apps/system/oauth2-proxy/values.yaml b/apps/system/oauth2-proxy/values.yaml
index d270a45..bb990ef 100644
--- a/apps/system/oauth2-proxy/values.yaml
+++ b/apps/system/oauth2-proxy/values.yaml
@@ -8,6 +8,7 @@ oauth2-proxy:
     provider: github
     cookie-domain: .gorilych.ru
     whitelist-domain: .gorilych.ru
+    set-xauthrequest: true
   authenticatedEmailsFile:
     enabled: true
     restricted_access: |-