diff --git a/charts/lemmy/templates/configmap-proxy.yaml b/charts/lemmy/templates/configmap-proxy.yaml
index a38d4dd..393bc7a 100644
--- a/charts/lemmy/templates/configmap-proxy.yaml
+++ b/charts/lemmy/templates/configmap-proxy.yaml
@@ -9,68 +9,96 @@ metadata:
     app.kubernetes.io/component: proxy
 data:
   nginx.conf: |
-    worker_processes 1;
+    worker_processes auto;
+
     events {
-        worker_connections 1024;
+      worker_connections 1024;
     }
     http {
-        upstream lemmy {
+      # We construct a string consistent of the "request method" and "http accept header"
+      # and then apply soem ~simply regexp matches to that combination to decide on the
+      # HTTP upstream we should proxy the request to.
+      #
+      # Example strings:
+      #
+      #   "GET:application/activity+json"
+      #   "GET:text/html"
+      #   "POST:application/activity+json"
+      #
+      # You can see some basic match tests in this regex101 matching this configuration
+      # https://regex101.com/r/vwMJNc/1
+      #
+      # Learn more about nginx maps here http://nginx.org/en/docs/http/ngx_http_map_module.html
+      map "$request_method:$http_accept" $proxpass {
+          # If no explicit matches exists below, send traffic to lemmy-ui
+          default "http://lemmy-ui";
+
+          # GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
+          #
+          # These requests are used by Mastodon and other fediverse instances to look up profile information,
+          # discover site information and so on.
+          "~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://lemmy";
+
+          # All non-GET/HEAD requests should go to lemmy
+          #
+          # Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
+          # we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
+          "~^(?!(GET|HEAD)).*:" "http://lemmy";
+      }
+
+      upstream lemmy {
             # this needs to map to the lemmy (server) docker service hostname
             server "{{ include "lemmy.fullname" . }}:{{ .Values.backend.service.port }}";
-        }
-        upstream lemmy-ui {
+      }
+      upstream lemmy-ui {
             # this needs to map to the lemmy-ui docker service hostname
             server "{{ include "lemmy.uiname" . }}:{{ .Values.frontend.service.port }}";
-        }
+      }
 
-        server {
-            listen 8536;
+      server {
+          # this is the port inside docker, not the public one yet
+          listen 1236;
+          listen 8536;
 
-            server_name {{ .Values.serverName }};
-            server_tokens off;
+          server_name {{ .Values.serverName }};
+          server_tokens off;
 
-            gzip on;
-            gzip_types text/css application/javascript image/svg+xml;
-            gzip_vary on;
+          gzip on;
+          gzip_types text/css application/javascript image/svg+xml;
+          gzip_vary on;
 
-            client_max_body_size 20M;
+          # Upload limit, relevant for pictrs
+          client_max_body_size 20M;
 
-            add_header X-Frame-Options SAMEORIGIN;
-            add_header X-Content-Type-Options nosniff;
-            add_header X-XSS-Protection "1; mode=block";
+          add_header X-Frame-Options SAMEORIGIN;
+          add_header X-Content-Type-Options nosniff;
+          add_header X-XSS-Protection "1; mode=block";
 
-            location / {
-                set $proxpass "http://lemmy-ui";
+          # Send actual client IP upstream
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header Host $host;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
-                if ($http_accept = "application/activity+json") {
-                  set $proxpass "http://lemmy";
-                }
-                if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
-                  set $proxpass "http://lemmy";
-                }
-                if ($request_method = POST) {
-                  set $proxpass "http://lemmy";
-                }
-                proxy_pass $proxpass;
+          # frontend general requests
+          location / {
+              proxy_pass $proxpass;
+              rewrite ^(.+)/+$ $1 permanent;
+          }
 
-                rewrite ^(.+)/+$ $1 permanent;
+          # security.txt
+          location = /.well-known/security.txt {
+              proxy_pass "http://lemmy-ui";
+          }
 
-                proxy_set_header X-Real-IP $remote_addr;
-                proxy_set_header Host $host;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            }
+          # backend
+          location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
+              proxy_pass "http://lemmy";
 
-            location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
-                proxy_pass "http://lemmy";
-
-                proxy_http_version 1.1;
-                proxy_set_header Upgrade $http_upgrade;
-                proxy_set_header Connection "upgrade";
-
-                proxy_set_header X-Real-IP $remote_addr;
-                proxy_set_header Host $host;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            }
-        }
+              # proxy common stuff
+              proxy_http_version 1.1;
+              proxy_set_header Upgrade $http_upgrade;
+              proxy_set_header Connection "upgrade";
+          }
+      }
     }
 {{- end }}