diff --git a/appinfo.yml b/appinfo.yml
index 621a615..81af83b 100644
--- a/appinfo.yml
+++ b/appinfo.yml
@@ -21,13 +21,13 @@ configdefinition:
 description: The key file used for the certificate. ATM this nginx only supports one certificate (use wildcards)
 httpport:
 type: integer
- default: 8080
- minimum: 1025
+ default: 80
+ minimum: 1
 maximum: 65536
 httpsport:
 type: integer
- default: 8443
- minimum: 1025
+ default: 443
+ minimum: 1
 maximum: 65536
 listenhttpaddress4:
 type: string
@@ -45,22 +45,25 @@ configdefinition:
 type: string
 format: ipv6
 default: "::"
-imports:
- web:
- "$id": "web import"
- "$schema": "http://json-schema.org/draft-07/schema#"
- description: What we import from other apps under the web key. To define what we need to proxy
- type: array
- items:
- type: object
- additionalProperties: false
- properties:
- proxyaddress:
- type: string
- description: The address to proxy to
- publicname:
- default: ""
- type: string
- description: The public address to expose, it will be sufixed by the domainname we use. Will default to the appname
- required:
- - proxyaddress
+ports:
+ - http
+ - https
+exports:
+ firewall:
+ redirect:
+ - from: "{{ config.httpport }}"
+ to: "{{ ports.http }}"
+ version: ipv4
+ ip: "{{ config.listenhttpaddress4 }}"
+ - from: "{{ config.httpsport }}"
+ to: "{{ ports.https }}"
+ version: ipv4
+ ip: "{{ config.listenhttpaddress4 }}"
+ - from: "{{ config.httpport }}"
+ to: "{{ ports.http }}"
+ version: ipv6
+ ip: "{{ config.listenhttpaddress6 }}"
+ - from: "{{ config.httpsport }}"
+ to: "{{ ports.https }}"
+ version: ipv6
+ ip: "{{ config.listenhttpaddress6 }}"
diff --git a/nginx.conf.j2 b/nginx.conf.j2
index 105c5c5..f19e5f8 100644
--- a/nginx.conf.j2
+++ b/nginx.conf.j2
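Review bot: In the first appinfo.yml hunk the upper bound left next to the reworked range, `maximum: 65536`, is one above the highest valid port number, and after this commit `httpport` and `httpsport` are rendered into the firewall redirect `from:` field. Both properties should read `maximum: 65535`. The schema also lets the two settings take the same value, which would export two redirects for one port with different targets; a line in each property's `description` saying the two ports must differ would help if the schema cannot express that.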
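Review bot: Dropping the `imports.web` schema in the second appinfo.yml hunk removes the only validation visible here (`additionalProperties: false`, `required: proxyaddress`, string types) for data that nginx.conf.j2 still renders, now read from `imports.web.sites`, including `onesite.publicname` inside `server_name`. If the schema has not moved to a file outside this diff, entries supplied by other apps reach the generated nginx configuration unchecked, and a `publicname` containing whitespace, `;` or braces would alter that configuration. I would keep a schema for the new `sites` shape and restrict `publicname` to hostname characters, for example `pattern: "^[a-z0-9-]+$"` (constructed example). Separately, every redirect entry takes `ip` from `listenhttpaddress4`/`listenhttpaddress6`, whose visible IPv6 default is `"::"`; a comment stating how the firewall consumer treats a wildcard address would make the exported rules easier to audit.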
@@ -29,16 +29,20 @@ http {
 gzip on;
 server {
- listen [{{ config.listenhttpaddress6 }}]:{{ config.httpport }};
- listen {{ config.listenhttpaddress4 }}:{{ config.httpport }};
+ listen [{{ config.listenhttpaddress6 }}]:{{ ports.http }};
+ listen {{ config.listenhttpaddress4 }}:{{ ports.http }};
+ {% if config.listenhttpaddress6 != "::1" %}listen [::1]:{{ ports.http }};{% endif %}
+ {% if config.listenhttpaddress4 != "127.0.0.1" %}listen 127.0.0.1:{{ ports.http }};{% endif %}
 server_name _;
 root /var/www/empty;
 default_type text/html;
 return 200 "Nothing to see here";
 }
 server {
- listen [{{ config.listenhttpaddress6 }}]:{{ config.httpsport }} ssl;
- listen {{ config.listenhttpaddress4 }}:{{ config.httpsport }} ssl;
+ listen [{{ config.listenhttpaddress6 }}]:{{ ports.https }} ssl;
+ listen {{ config.listenhttpaddress4 }}:{{ ports.https }} ssl;
+ {% if config.listenhttpaddress6 != "::1" %}listen [::1]:{{ ports.https }} ssl;{% endif %}
+ {% if config.listenhttpaddress4 != "127.0.0.1" %}listen 127.0.0.1:{{ ports.https }} ssl;{% endif %}
 server_name _;
 ssl_certificate /etc/nginx/ssl.cert;
@@ -52,12 +56,14 @@ http {
 {% for app in otherapps -%}
 {%- if "web" in otherapps[app]["imports"] -%}
-{%- for onesite in otherapps[app]["imports"]["web"] -%}
+{%- for onesite in otherapps[app]["imports"]["web"]["sites"] -%}
 {# Redirect http to https. We only support https sites #}
 server {
- listen [{{ config.listenhttpaddress6 }}]:{{ config.httpport }};
- listen {{ config.listenhttpaddress4 }}:{{ config.httpport }};
+ listen [{{ config.listenhttpaddress6 }}]:{{ ports.http }};
+ listen {{ config.listenhttpaddress4 }}:{{ ports.http }};
+ {% if config.listenhttpaddress6 != "::1" %}listen [::1]:{{ ports.http }};{% endif %}
+ {% if config.listenhttpaddress4 != "127.0.0.1" %}listen 127.0.0.1:{{ ports.http }};{% endif %}
 server_name {{ onesite.publicname }};
 root /var/www/empty;
 location / {
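Review bot: The loopback guards added to both `server` blocks compare raw strings (`config.listenhttpaddress6 != "::1"`), so an equivalent spelling such as `0:0:0:0:0:0:0:1`, which `format: ipv6` in appinfo.yml would presumably accept, renders a second `listen [::1]:…` for the same socket, and nginx is likely to reject the configuration as a duplicate listen. Either normalise the address before templating or constrain the setting to its canonical form, and add a template comment such as `{# also listen on loopback; skipped when the configured address already is loopback #}`, since the reason for the extra listeners is not stated anywhere. The same four lines are repeated in the hunks at `-52,12` and `-65,8`; one Jinja macro taking the port and an optional ` ssl` suffix would keep the guard in a single place. With these lines the plain-HTTP and TLS servers are always bound on loopback regardless of the configured listen address, which is worth stating in the settings' descriptions.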
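Review bot: The new lookup `otherapps[app]["imports"]["web"]["sites"]` in the `-52,12` hunk is guarded only by `"web" in otherapps[app]["imports"]`, so an app whose `web` import has no `sites` key, or still uses the previous list shape, either fails the render or is skipped silently, depending on how the template environment handles undefined values. Extending the guard to `{%- if "web" in otherapps[app]["imports"] and "sites" in otherapps[app]["imports"]["web"] -%}` makes the skip explicit for both cases. The `for` and `if` blocks opened here close outside the hunk, so the matching end tags could not be checked.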
@@ -65,8 +71,10 @@ http {
 }
 }
 server {
- listen [{{ config.listenhttpaddress6 }}]:{{ config.httpsport }} ssl;
- listen {{ config.listenhttpaddress4 }}:{{ config.httpsport }} ssl;
+ listen [{{ config.listenhttpaddress6 }}]:{{ ports.https }} ssl;
+ listen {{ config.listenhttpaddress4 }}:{{ ports.https }} ssl;
+ {% if config.listenhttpaddress6 != "::1" %}listen [::1]:{{ ports.https }} ssl;{% endif %}
+ {% if config.listenhttpaddress4 != "127.0.0.1" %}listen 127.0.0.1:{{ ports.https }} ssl;{% endif %}
 server_name {{ onesite.publicname }};
 ssl_certificate /etc/nginx/ssl.cert;