diff --git a/automation/roles/algo/tasks/algo_firewall.yml b/automation/roles/algo/tasks/algo_firewall.yml
index f56750a8..fef2775b 100644
--- a/automation/roles/algo/tasks/algo_firewall.yml
+++ b/automation/roles/algo/tasks/algo_firewall.yml
@@ -37,3 +37,16 @@
 jump: ACCEPT
 comment: Accept new admin SSL connections
 become: yes
+
+- name: Allow admin HTTP on port 1080
+ iptables:
+ chain: INPUT
+ action: insert
+ rule_num: 8
+ protocol: tcp
+ destination_port: "1080"
+ ctstate: NEW
+ syn: match
+ jump: ACCEPT
+ comment: Accept new admin SSL connections
+ become: yes
diff --git a/automation/roles/mitmproxy/files/mitmdump_monitor.sh b/automation/roles/mitmproxy/files/mitmdump_monitor.sh
index b4d72be8..3d9a40c4 100644
--- a/automation/roles/mitmproxy/files/mitmdump_monitor.sh
+++ b/automation/roles/mitmproxy/files/mitmdump_monitor.sh
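Review bot: The `comment:` on the new rule is copied from the SSL task above and mislabels it: the task name says this is admin HTTP on 1080, the port mitmdump_monitor.sh now REDIRECTs port 80 to, so `comment: Accept new admin HTTP connections (80 -> 1080 redirect target)` would describe it correctly. Accepting tcp/1080 on INPUT also makes the nginx plain-HTTP listener reachable directly on :1080 from any source, not only via the nat redirect; if that is not intended, restrict the rule by source interface or address. The 443 -> 1443 redirect the same commit installs in ensureMitmOff gets no new INPUT rule here; presumably the existing admin SSL rule covers 1443, but that is not visible in this hunk and worth confirming. `rule_num: 8` is a hard-coded position, so where this ACCEPT lands relative to any DROP rules depends on task order in the rest of the file, which is outside the hunk.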
@@ -26,22 +26,22 @@ if [[ ! -f ${ROOT_KEY_MARKER} ]] ; then
 fi
 function ensureMitmOn {
- ok80=$(iptables -vnL PREROUTING -t nat | tail +3 | grep REDIRECT | grep -c "tcp dpt:80 redir ports 8888")
- if [[ ${ok80} -eq 0 ]] ; then
- log "Enabling MITM port forwarding on TCP port 80 -> 8888"
- iptables -I PREROUTING 1 -t nat -p tcp --dport 80 -j REDIRECT --to-ports 8888 || log "Error enabling MITM port 80 forwarding"
- fi
- ok443=$(iptables -vnL PREROUTING -t nat | tail +3 | grep REDIRECT | grep -c "tcp dpt:443 redir ports 8888")
- if [[ ${ok443} -eq 0 ]] ; then
- log "Enabling MITM port forwarding on TCP port 443 -> 8888"
- iptables -I PREROUTING 1 -t nat -p tcp --dport 443 -j REDIRECT --to-ports 8888 || log "Error enabling MITM port 443 forwarding"
- fi
+ log "Flushing PREROUTING before enabling MITM services"
+ iptables -F PREROUTING -t nat || log "Error disabling MITM port forwarding"
+ log "Enabling MITM port forwarding on TCP port 80 -> 8888"
+ iptables -I PREROUTING 1 -t nat -p tcp --dport 80 -j REDIRECT --to-ports 8888 || log "Error enabling MITM port forwarding 80 -> 8888"
+ log "Enabling MITM port forwarding on TCP port 443 -> 8888"
+ iptables -I PREROUTING 1 -t nat -p tcp --dport 443 -j REDIRECT --to-ports 8888 || log "Error enabling MITM port forwarding 443 -> 8888"
 echo -n on > ${ROOT_KEY_MARKER}
 }
 function ensureMitmOff {
- log "Disabling MITM port forwarding"
+ log "Flushing PREROUTING before disabling MITM services"
 iptables -F PREROUTING -t nat || log "Error disabling MITM port forwarding"
+ log "Enabling MITM port forwarding on TCP port 80 -> 1080"
+ iptables -I PREROUTING 1 -t nat -p tcp --dport 80 -j REDIRECT --to-ports 1080 || log "Error enabling nginx port forwarding 80 -> 1080"
+ log "Enabling MITM port forwarding on TCP port 443 -> 1443"
+ iptables -I PREROUTING 1 -t nat -p tcp --dport 443 -j REDIRECT --to-ports 1443 || log "Error enabling nginx port forwarding 443 -> 1143"
 echo -n off > ${ROOT_KEY_MARKER}
 }
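Review bot: Both `iptables -F PREROUTING -t nat` calls flush the entire nat PREROUTING chain, not just the REDIRECT rules this script owns, and since ensureMitmOn no longer checks for an existing rule before inserting, every call now leaves ports 80/443 unredirected for the moment between the flush and the `-I`; if this monitor runs on a schedule (the name suggests so, but the caller is outside the hunk) that gap recurs on each run. Deleting only this script's own rules, e.g. `iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8888` and the 443/1080/1443 equivalents, or restoring the previous `grep -c` presence check, keeps unrelated nat rules and an already-correct state intact. Two messages are also wrong: ensureMitmOff's last fallback logs `443 -> 1143` for a rule that targets `--to-ports 1443`, and ensureMitmOn's flush failure logs "Error disabling MITM port forwarding" on the enable path. The ensureMitmOff log lines say "Enabling MITM port forwarding" for what are nginx redirects, which makes the two states indistinguishable in the log.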
diff --git a/automation/roles/nginx/templates/site_node.conf.j2 b/automation/roles/nginx/templates/site_node.conf.j2
index 7ae476d2..89cdf1aa 100644
--- a/automation/roles/nginx/templates/site_node.conf.j2
+++ b/automation/roles/nginx/templates/site_node.conf.j2
@@ -1,5 +1,6 @@
 server {
 server_name {{ server_name }};
+ listen 1080;
 listen {{ ssl_port }} ssl http2;
 root /home/bubble/site/;
@@ -34,6 +35,6 @@ server {
 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
 if ($scheme != "https") {
- return 301 https://$host$request_uri;
+ return 301 https://$host:{{ ssl_port }}$request_uri;
 }
 }
diff --git a/automation/roles/nginx/templates/site_node_alias.conf.j2 b/automation/roles/nginx/templates/site_node_alias.conf.j2
index bba7c5a6..ee4601b9 100644
--- a/automation/roles/nginx/templates/site_node_alias.conf.j2
+++ b/automation/roles/nginx/templates/site_node_alias.conf.j2
@@ -1,5 +1,6 @@
 server {
 server_name {{ server_alias }};
+ listen 1080;
 listen {{ ssl_port }} ssl http2;
 root /home/bubble/site/;
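Review bot: The new redirect target is built from `$host`, which nginx fills from the request line or the client's Host header and only falls back to the server name when neither is present, so any request that lands in this block with a foreign Host header is answered with a 301 to that foreign host with the configured `ssl_port` appended. Since the block already declares `server_name`, `return 301 https://$server_name:{{ ssl_port }}$request_uri;` pins the Location to the configured name and removes the dependence on client-supplied input; if `$host` is deliberately kept to cover several names, that should at least be said in a comment on the line. The same change appears in the second hunk of site_node_alias.conf.j2 on the next line and should get the same treatment. A one-line comment on `listen 1080;` noting it is the nat REDIRECT target for port 80 set up by mitmdump_monitor.sh would keep the two files from drifting, since nothing in the template itself explains the port.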
@@ -34,6 +35,6 @@ server {
 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
 if ($scheme != "https") {
- return 301 https://$host$request_uri;
+ return 301 https://$host:{{ ssl_port }}$request_uri;
 }
 }