diff --git a/nginx.conf.sigil b/nginx.conf.sigil
index 812a21f1..26feb846 100644
--- a/nginx.conf.sigil
+++ b/nginx.conf.sigil
@@ -1,3 +1,7 @@
+log_format custom '$remote_addr - $remote_user [$time_local] "$request" '
+                  'status=$status allow_origin=$allow_origin '
+                  '"$http_referer" "$http_user_agent"';
+
 {{ $proxy_settings := "proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Host $http_host; proxy_set_header X-Request-Start $msec;" }}
 {{ $gzip_settings := "gzip on; gzip_min_length  1100; gzip_buffers  4 32k; gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; gzip_vary on; gzip_comp_level  6;" }}
 
@@ -14,7 +18,7 @@ map $http_origin $allow_origin {
     default "";
 }
 
-proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g 
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g \
                  inactive=60m use_temp_path=off;
 limit_conn_zone $binary_remote_addr zone=addr:10m;
 limit_req_zone $binary_remote_addr zone=req_zone:10m rate=20r/s;
@@ -30,7 +34,7 @@ server {
         listen [::]:{{ $listen_port }};
         listen {{ $listen_port }};
         server_name {{ $.NOSSL_SERVER_NAME }};
-        access_log  /var/log/nginx/{{ $.APP }}-access.log;
+        access_log  /var/log/nginx/{{ $.APP }}-access.log custom;
         error_log   /var/log/nginx/{{ $.APP }}-error.log;
         client_max_body_size 100M;
 
@@ -38,7 +42,7 @@ server {
         listen [::]:{{ $listen_port }} ssl http2;
         listen {{ $listen_port }} ssl http2;
         server_name {{ $.NOSSL_SERVER_NAME }};
-        access_log  /var/log/nginx/{{ $.APP }}-access.log;
+        access_log  /var/log/nginx/{{ $.APP }}-access.log custom;
         error_log   /var/log/nginx/{{ $.APP }}-error.log;
         ssl_certificate {{ $.APP_SSL_PATH }}/server.crt;
         ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key;
@@ -69,7 +73,6 @@ server {
         proxy_cache_lock on;
 
         # Connections and request limits increase (bad for DDos)
-        limit_conn addr 10000;
         limit_req zone=req_zone burst=10 nodelay;
     }
 
@@ -84,11 +87,13 @@ server {
     # }
 
     location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
-    expires 30d;  # This means that the client can cache these resources for 30 days.
-    add_header Cache-Control "public, no-transform";
+        proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
+        expires 30d;
+        add_header Cache-Control "public, no-transform";
     }
 
     location ~* \.(mp3|wav|ogg|flac|aac|aif|webm)$ {
+      proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
       if ($request_method = 'GET') {
         add_header 'Access-Control-Allow-Origin' $allow_origin always;
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
@@ -123,11 +128,6 @@ server {
     internal;
   }
 
-  log_format custom '$remote_addr - $remote_user [$time_local] "$request" '
-                  'status=$status allow_origin=$allow_origin '
-                  '"$http_referer" "$http_user_agent"';
-  access_log /var/log/nginx/access.log custom;
-
   include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf;
 }
 {{ end }}