diff --git a/states/nginx/config.sls b/states/nginx/config.sls
index 3121dcb..645e090 100644
--- a/states/nginx/config.sls
+++ b/states/nginx/config.sls
@@ -60,7 +60,7 @@ nginx-sites-available-{{ name }}:
         cache: {{ vhost.cache|default(true) }}
         autoindex: {{ vhost.autoindex|default(false) }}
         root_dir: {{ vhost.root_dir|default(none) }}
-        internal_access: {{ vhost.internal_access|default(false) }}
+        internal: {{ vhost.internal|default(false) }}
         auth: {{ vhost.auth|default(false) }}
         dirs: {{ vhost.dirs|default([]) }}
         headers: {{ vhost.headers|default({}) }}
diff --git a/states/nginx/templates/access.j2 b/states/nginx/templates/access.j2
index abae1af..f1a38c3 100644
--- a/states/nginx/templates/access.j2
+++ b/states/nginx/templates/access.j2
@@ -1,14 +1,14 @@
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
 {%- from "nginx/map.jinja" import net with context %}
-real_ip_header X-Forwarded-For;
+
 geo $allow {
-  {%- for key, value in net.ipv4_networks.items() %}
-  #allow {{ value.ip }}/{{ value.mask }};
-  {{ value.ip }}/{{ value.mask }} 1;
+  proxy ::1/128;
+  proxy 127.0.0.1/32;
+  proxy 192.168.0.0/16;
+
+  {%- for network in net.ip_networks %}
+  {{ network }} true;
   {%- endfor %}
-  {%- for key, value in net.ipv6_networks.items() %}
-  #allow {{ value.ip }}/{{ value.mask }};
-  {{ value.ip }}/{{ value.mask }} 1;
-  {%- endfor %}
-  default 0;
-}
\ No newline at end of file
+
+  default false;
+}
diff --git a/states/nginx/templates/http.j2 b/states/nginx/templates/http.j2
index 491e2c2..93fc405 100644
--- a/states/nginx/templates/http.j2
+++ b/states/nginx/templates/http.j2
@@ -1,5 +1,5 @@
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
 {%- from "nginx/map.jinja" import nginx with context %}
 
-listen {{ nginx.config.http_port }};
-listen [::]:{{ nginx.config.http_port }};
\ No newline at end of file
+listen {{ nginx.config.http_port }} proxy_protocol;
+listen [::]:{{ nginx.config.http_port }} proxy_protocol;
diff --git a/states/nginx/templates/https.j2 b/states/nginx/templates/https.j2
index 3efdf7f..38e11b9 100644
--- a/states/nginx/templates/https.j2
+++ b/states/nginx/templates/https.j2
@@ -1,5 +1,5 @@
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
 {%- from "nginx/map.jinja" import nginx with context %}
 
-listen {{ nginx.config.https_port }} ssl http2;
-listen [::]:{{ nginx.config.https_port }} ssl http2;
\ No newline at end of file
+listen {{ nginx.config.https_port }} ssl http2 proxy_protocol;
+listen [::]:{{ nginx.config.https_port }} ssl http2 proxy_protocol;
diff --git a/states/nginx/templates/nginx.conf.j2 b/states/nginx/templates/nginx.conf.j2
index fc9d96f..b5c8c40 100644
--- a/states/nginx/templates/nginx.conf.j2
+++ b/states/nginx/templates/nginx.conf.j2
@@ -17,14 +17,13 @@ events {
 }
 
 http {
+  include access;
   include fastcgi_params;
   include proxy_params;
   include mime.types;
   include ssl_params;
   charset utf-8;
 
-  include access;
-
   {%- if nginx.config.geoip %}
   geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb {
     $geoip2_asn default=0 autonomous_system_number;
@@ -47,6 +46,7 @@ http {
   access_log syslog:server=localhost:514 main;
 
   default_type application/octet-stream;
+  tcp_nodelay on;
   sendfile on;
   keepalive_timeout 60;
   server_tokens off;
@@ -57,16 +57,16 @@ http {
 
   gzip on;
   gzip_vary on;
-  gzip_min_length 1024;
+  gzip_min_length 1023;
   gzip_proxied expired no-cache no-store private auth;
   gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
 
   server {
-    listen {{ nginx.config.http_port }} default_server;
-    listen [::]:{{ nginx.config.http_port }} default_server;
+    listen {{ nginx.config.http_port }} default_server proxy_protocol;
+    listen [::]:{{ nginx.config.http_port }} default_server proxy_protocol;
 
-    listen {{ nginx.config.https_port }} default_server ssl http2;
-    listen [::]:{{ nginx.config.https_port }} default_server ssl http2;
+    listen {{ nginx.config.https_port }} default_server ssl http2 proxy_protocol;
+    listen [::]:{{ nginx.config.https_port }} default_server ssl http2 proxy_protocol;
 
     root /var/www/html;
     index index.html;
diff --git a/states/nginx/templates/proxy_params.j2 b/states/nginx/templates/proxy_params.j2
index 935c3e7..cf8caf2 100644
--- a/states/nginx/templates/proxy_params.j2
+++ b/states/nginx/templates/proxy_params.j2
@@ -4,8 +4,10 @@ proxy_redirect off;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
 client_max_body_size 0;
 client_body_buffer_size 8192k;
+
 proxy_connect_timeout 600;
 proxy_send_timeout 600;
 proxy_read_timeout 600;
@@ -14,4 +16,4 @@ proxy_buffers 32 4k;
 proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=cache:10m inactive=24h max_size=1g;
 proxy_cache cache;
 proxy_cache_valid 200 302 1h;
-proxy_cache_valid 404 1d;
\ No newline at end of file
+proxy_cache_valid 404 1d;
diff --git a/states/nginx/templates/types/dip.j2 b/states/nginx/templates/types/dip.j2
deleted file mode 100644
index d35bba1..0000000
--- a/states/nginx/templates/types/dip.j2
+++ /dev/null
@@ -1,92 +0,0 @@
-## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-
-server {
-  include                 http;
-
-  server_name             {{ vhost_name }};
-  {%- if not proxy %}
-  root                    "{{ root_dir }}";
-  {%- endif %}
-
-  if ($http_accept != '*/*') {
-    return 301 https://$server_name$request_uri;
-  }
-
-  {%- for key,value in headers.items() %}
-  add_header            {{ key }} "{{ value }}";
-  {%- endfor %}
-
-  location / {
-    {%- if proxy %}
-    proxy_pass            {{ proxy_pass }};
-    {%- if not cache %}
-    proxy_no_cache        1;
-    proxy_cache_bypass    1;
-    {%- endif %}
-    {%- endif %}
-    {%- if autoindex %}
-    autoindex             on;
-    autoindex_localtime   on;
-    {%- else %}
-    index                 index.html;
-    {% endif %}
-  }
-
-  {%- for dir in dirs %}
-  location {{ dir.name }} {
-    alias                 {{ dir.alias }};
-  }
-  {%- endfor %}
-
-  location /robots.txt {
-    return 200 "User-agent: *\r\nDisallow: /";
-  }
-}
-
-server {
-  include                 https;
-  {%- if internal_access %}
-  #include                 access;
-  if ($allow = 0) {
-    return 403;
-  }
-  {%- endif %}
-  server_name             {{ vhost_name }};
-  {%- if not proxy %}
-  root                    "{{ root_dir }}";
-  {%- endif %}
-
-  {%- for key,value in headers.items() %}
-  add_header            {{ key }} "{{ value }}";
-  {%- endfor %}
-
-  location / {
-    {%- if proxy %}
-    proxy_pass            {{ proxy_pass }};
-    {%- if not cache %}
-    proxy_no_cache        1;
-    proxy_cache_bypass    1;
-    {%- endif %}
-    {%- endif %}
-    {%- if autoindex %}
-    autoindex             on;
-    autoindex_localtime   on;
-    {%- else %}
-    index                 index.html index.rss;
-    {% endif %}
-    {%- if auth %}
-    auth_basic "Restricted area";
-    auth_basic_user_file {{ config_dir }}/auth/htpasswd;
-    {%- endif %}
-  }
-
-  {%- for dir in dirs %}
-  location {{ dir.name }} {
-    alias                 {{ dir.alias }};
-  }
-  {%- endfor %}
-
-  location /robots.txt {
-    return 200 "User-agent: *\r\nDisallow: /";
-  }
-}
diff --git a/states/nginx/templates/types/rd.j2 b/states/nginx/templates/types/rd.j2
index 23a882f..3537f4a 100644
--- a/states/nginx/templates/types/rd.j2
+++ b/states/nginx/templates/types/rd.j2
@@ -8,7 +8,7 @@ server {
 
 server {
   include                 https;
-  {%- if internal_access %}
+  {%- if internal %}
   #include                 access;
   if ($allow = 0) {
     return 403;
diff --git a/states/nginx/templates/types/simple.j2 b/states/nginx/templates/types/simple.j2
index 8475273..c834600 100644
--- a/states/nginx/templates/types/simple.j2
+++ b/states/nginx/templates/types/simple.j2
@@ -8,17 +8,17 @@ server {
 
 server {
   include                 https;
-  {%- if internal_access %}
-  #include                access;
-  if ($allow = 0) {
-    return 403;
-  }
-  {%- endif %}
   server_name             {{ vhost_name }}{% for i in sub %} {{ "%s.%s"|format(i,vhost_name) }} {% endfor %};
   {%- if not proxy %}
   root                    "{{ root_dir }}";
   {%- endif %}
 
+  {%- if internal %}
+  if ($allow = false) {
+    return 403;
+  }
+  {%- endif %}
+
   {%- for key,value in headers.items() %}
   add_header              {{ key }} "{{ value }}";
   {%- endfor %}
diff --git a/states/nginx/templates/types/vaultwarden.j2 b/states/nginx/templates/types/vaultwarden.j2
deleted file mode 100644
index e92d5c5..0000000
--- a/states/nginx/templates/types/vaultwarden.j2
+++ /dev/null
@@ -1,50 +0,0 @@
-## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-
-server {
-  include                 http;
-  server_name             {{ vhost_name }};
-  return                  301 https://$server_name$request_uri;
-}
-
-server {
-  include                 https;
-  {%- if internal_access %}
-  #include                 access;
-  if ($allow = 0) {
-    return 403;
-  }
-  {%- endif %}
-  server_name             {{ vhost_name }};
-  {%- if not proxy %}
-  root                    "{{ root_dir }}";
-  {%- endif %}
-  location / {
-    {%- if proxy %}
-    proxy_pass            {{ proxy_pass }};
-    {%- if not cache %}
-    proxy_no_cache        1;
-    proxy_cache_bypass    1;
-    {%- endif %}
-    {%- endif %}
-    {%- if autoindex %}
-    autoindex             on;
-    autoindex_localtime   on;
-    {%- else %}
-    index                 index.html;
-    {% endif %}
-    {%- if auth %}
-    auth_basic "Restricted area";
-    auth_basic_user_file {{ config_dir }}/auth/htpasswd;
-    {%- endif %}
-  }
-
-  {%- for dir in dirs %}
-  location {{ dir.name }} {
-    alias                 {{ dir.alias }};
-  }
-  {%- endfor %}
-
-  location /robots.txt {
-    return 200 "User-agent: *\r\nDisallow: /";
-  }
-}