diff --git a/reporting/.env b/reporting/.env
index 0810a9f0..cd1e155b 100644
--- a/reporting/.env
+++ b/reporting/.env
@@ -31,14 +31,10 @@ SUPERSET_SSL_KEY=superset.local.key
 SUPERSET_SSL_CERT_CHAIN=superset.local.crt
 # Whether to enable accessing the Superset domain securely
 SUPERSET_ENABLE_SSL=false
-# Whether Superset is behind a load balancer
-SUPERSET_BEHIND_LOAD_BALANCER=false
-# Whether to redirect HTTP traffic on the load balancer to https
-SUPERSET_LOAD_BALANCER_REDIRECT_HTTP=false
+# Whether Superset certs should be used.
+SUPERSET_PROVIDE_CERTS=false
 
 ### NiFi Service ###
-NIFI_WEB_HTTP_PORT=80
-NIFI_WEB_HTTP_HOST=nifi.local
 # The JVM Memory maximum heap size
 NIFI_JVM_HEAP_MAX="1g"
 # The domain name to use for NiFi
@@ -54,10 +50,8 @@ NIFI_SSL_KEY=nifi.local.key
 NIFI_SSL_CERT_CHAIN=nifi.local.crt
 # Whether to enable accessing the NiFi domain securely
 NIFI_ENABLE_SSL=false
-# Whether Nifi is behind a load balancer
-NIFI_BEHIND_LOAD_BALANCER=false
-# Whether to redirect HTTP traffic on the load balancer to https
-NIFI_LOAD_BALANCER_REDIRECT_HTTP=false
+# Whether provided certs should be used
+NIFI_PROVIDE_CERTS=false
 # Nifi Passwords
 DB_PASSWORD=p@ssw0rd
 INVOKEHTTP_PASSWORD=changeme
diff --git a/reporting/config/services/nginx/consul-template/openlmis.conf b/reporting/config/services/nginx/consul-template/openlmis.conf
index 0026ee7c..2c5d0170 100644
--- a/reporting/config/services/nginx/consul-template/openlmis.conf
+++ b/reporting/config/services/nginx/consul-template/openlmis.conf
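Review bot: The two new comments describe the same switch differently (`# Whether Superset certs should be used.` in the first hunk, `# Whether provided certs should be used` in the second) and neither says when it is consulted. Judging from the nginx template in this commit, the flag only matters together with `*_ENABLE_SSL`, and with `ENABLE_SSL=true` but `PROVIDE_CERTS=false` nginx emits only the port-80 redirect and no TLS listener, so something in front of nginx has to terminate TLS. I would say that in both places: `# Whether nginx terminates TLS itself using the SSL_CERT/SSL_KEY above (only read when SUPERSET_ENABLE_SSL=true); when false, TLS must be terminated in front of nginx`. `NIFI_WEB_HTTP_PORT` and `NIFI_WEB_HTTP_HOST` are dropped in the first hunk as well; if a compose file or container entrypoint outside this diff still reads them, that reference should go too — I cannot confirm that from here.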
@@ -26,26 +26,17 @@ log_format upstream_time '$remote_addr - $remote_user [$time_local] ' server { server_name {{ $location }}; listen 80; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header X-ProxyScheme http; + proxy_set_header Host $http_host; + proxy_set_header X-ProxyContextPath /; {{ if $locationData.enable_ssl }} return 301 https://$server_name$request_uri; {{ else }} -{{ if (and ($locationData.behind_load_balancer) ($locationData.redirect_http_traffic)) }} - if ($http_X_Forwarded_Proto = "http") { - return 301 https://$server_name$request_uri; - } -{{ end }} location / { proxy_pass http://{{ $locationData.upstream }}; - {{ if not $locationData.behind_load_balancer }} - proxy_set_header X-ProxyScheme http; - proxy_set_header X-Forwarded-Proto http; - proxy_set_header X-ProxyPort 80; - {{ end }} - proxy_set_header X-ProxyHost {{ $location }}; - proxy_set_header Host {{ $location }}; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-ProxyContextPath /; {{ if $locationData.enable_basic_auth }} auth_basic "Authentication Required"; auth_basic_user_file /etc/nginx/.htpasswd; 
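Review bot: The server-level header block added after `listen 80;` no longer forwards the client address or protocol: the removed location-level lines sent `X-Forwarded-For $remote_addr` and `X-Forwarded-Proto http`, and nothing in the new block replaces them, so the upstream sees every request as coming from the proxy, which degrades access logs, audit trails and any per-client limiting done upstream. `Host $http_host` also passes through whatever Host the client sent instead of the configured `{{ $location }}`; if the upstream builds absolute URLs from Host, a client-chosen value now reaches it, so either keep `Host {{ $location }}` or make sure a default server catches unmatched names. I would add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` beside the new `Host` line. With the `$http_X_Forwarded_Proto` redirect removed, a deployment that terminates TLS in front of nginx and sets `enable_ssl` gets an unconditional 301 on port 80, which looks like a redirect loop unless the balancer reaches nginx on another port — worth confirming. The `location /` block and the `{{ else }}` branch continue past the end of the hunk.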
@@ -54,26 +45,16 @@ server { {{ end }} } -{{ if $locationData.enable_ssl }} +{{ if (and ($locationData.enable_ssl) ($locationData.provide_certs)) }} server { server_name {{ $location }}; - - location / { - proxy_pass http://{{ $locationData.upstream }}; - proxy_set_header X-ProxyScheme https; - proxy_set_header X-ProxyHost {{ $location }}; - proxy_set_header Host {{ $location }}; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-ProxyPort 443; - proxy_set_header X-ProxyContextPath /; -{{ if $locationData.enable_basic_auth }} - auth_basic "Authentication Required"; - auth_basic_user_file /etc/nginx/.htpasswd; -{{ end }} - } - listen 443; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header X-ProxyScheme http; + proxy_set_header Host $http_host; + proxy_set_header X-ProxyContextPath /; + ssl on; ssl_certificate {{ $locationData.ssl_cert }}; ssl_certificate_key {{ $locationData.ssl_key }}; @@ -88,6 +69,14 @@ server { add_header Strict-Transport-Security 'max-age=15768000'; ssl_stapling on; ssl_session_cache builtin:1000 shared:SSL:10m; + + location / { + proxy_pass http://{{ $locationData.upstream }}; +{{ if $locationData.enable_basic_auth }} + auth_basic "Authentication Required"; + auth_basic_user_file /etc/nginx/.htpasswd; +{{ end }} + } } {{ end }} {{ end }} diff --git a/reporting/docker-compose.yml b/reporting/docker-compose.yml index 59106e38..ce82d19e 100644 --- a/reporting/docker-compose.yml +++ b/reporting/docker-compose.yml 
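Review bot: The header block copied into the TLS server block sets `proxy_set_header X-ProxyScheme http;`, whereas the lines removed from the same block sent `X-ProxyScheme https`, `X-Forwarded-Proto https` and `X-ProxyPort 443`; an upstream that derives absolute URLs or redirects from these headers will now emit http:// links to users who arrived over TLS, undoing the `Strict-Transport-Security` header set a few lines below. Use `proxy_set_header X-ProxyScheme $scheme;` (and `proxy_set_header X-Forwarded-Proto $scheme;`) in both server blocks so the value follows the listener instead of being hard-coded. The hunk also appears to remove `listen 443;` and add `ssl on;` without a replacement listen; if that reading of the collapsed diff is right, the block has no listener of its own, and `listen 443 ssl;` would restore it while retiring the deprecated `ssl on;` form. The `{{ end }}` that closes the new `provide_certs` condition is in the following hunk, so the two hunks need to be read together.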
@@ -5,9 +5,9 @@ services: command: > sh -c "while ! curl -f \"http://consul:8500/v1/agent/self\"; do sleep 10;done && curl -X PUT -H \"Content-Type: application/json\" --data '{\"name\": \"superset-service\", \"address\": \"superset\", \"id\": \"superset1\", \"port\": 8088, \"tags\": [\"openlmis-service\"], \"check\": { \"http\": \"http://superset:8088/login\", \"method\": \"GET\", \"interval\": \"30s\", \"timeout\": \"10s\"}}' http://consul:8500/v1/agent/service/register - && curl -X PUT --data '{ \"upstream\": \"superset-service\", \"enable_basic_auth\": false, \"behind_load_balancer\": ${SUPERSET_BEHIND_LOAD_BALANCER}, \"redirect_http_traffic\": ${SUPERSET_LOAD_BALANCER_REDIRECT_HTTP}, \"enable_ssl\": ${SUPERSET_ENABLE_SSL}, \"ssl_cert\": \"/config/nginx/tls/${SUPERSET_SSL_CERT}\", \"ssl_key\": \"/config/nginx/tls/${SUPERSET_SSL_KEY}\", \"ssl_cert_chain\": \"/config/nginx/tls/${SUPERSET_SSL_CERT_CHAIN}\"}' http://consul:8500/v1/kv/resources/${SUPERSET_DOMAIN_NAME} + && curl -X PUT --data '{ \"upstream\": \"superset-service\", \"enable_basic_auth\": false, \"provide_certs\": ${SUPERSET_PROVIDE_CERTS}, \"enable_ssl\": ${SUPERSET_ENABLE_SSL}, \"ssl_cert\": \"/config/nginx/tls/${SUPERSET_SSL_CERT}\", \"ssl_key\": \"/config/nginx/tls/${SUPERSET_SSL_KEY}\", \"ssl_cert_chain\": \"/config/nginx/tls/${SUPERSET_SSL_CERT_CHAIN}\"}' http://consul:8500/v1/kv/resources/${SUPERSET_DOMAIN_NAME} && curl -X PUT -H \"Content-Type: application/json\" --data '{\"name\": \"nifi-service\", \"address\": \"nifi\", \"id\": \"nifi1\", \"port\": 8080, \"tags\": [\"openlmis-service\"], \"check\": { \"http\": \"http://nifi:8080\", \"method\": \"GET\", \"interval\": \"30s\", \"timeout\": \"10s\"}}' http://consul:8500/v1/agent/service/register - && curl -X PUT --data '{ \"upstream\": \"nifi-service\", \"enable_basic_auth\": true, \"behind_load_balancer\": ${NIFI_BEHIND_LOAD_BALANCER}, \"redirect_http_traffic\": ${NIFI_LOAD_BALANCER_REDIRECT_HTTP}, \"enable_ssl\": ${NIFI_ENABLE_SSL}, 
\"ssl_cert\": \"/config/nginx/tls/${NIFI_SSL_CERT}\", \"ssl_key\": \"/config/nginx/tls/${NIFI_SSL_KEY}\", \"ssl_cert_chain\": \"/config/nginx/tls/${NIFI_SSL_CERT_CHAIN}\"}' http://consul:8500/v1/kv/resources/${NIFI_DOMAIN_NAME}" + && curl -X PUT --data '{ \"upstream\": \"nifi-service\", \"enable_basic_auth\": true, \"provide_certs\": ${NIFI_PROVIDE_CERTS}, \"enable_ssl\": ${NIFI_ENABLE_SSL}, \"ssl_cert\": \"/config/nginx/tls/${NIFI_SSL_CERT}\", \"ssl_key\": \"/config/nginx/tls/${NIFI_SSL_KEY}\", \"ssl_cert_chain\": \"/config/nginx/tls/${NIFI_SSL_CERT_CHAIN}\"}' http://consul:8500/v1/kv/resources/${NIFI_DOMAIN_NAME}" build: context: ./config volumes:
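Review bot: The rewritten KV PUT lines interpolate `${SUPERSET_PROVIDE_CERTS}` and `${NIFI_PROVIDE_CERTS}` unquoted inside the JSON payload, so an unset or empty variable yields `\"provide_certs\": ,`; consul stores the value as opaque bytes and the PUT still succeeds, and the breakage only surfaces later when consul-template renders openlmis.conf. Compose supports defaults in interpolation, so `${SUPERSET_PROVIDE_CERTS:-false}` / `${NIFI_PROVIDE_CERTS:-false}` (and the same for `*_ENABLE_SSL`) would keep the payload valid when the .env entry is missing. The two KV PUTs also lack the `-f` that only the readiness loop uses, so an HTTP error from consul goes unnoticed; that is pre-existing but worth fixing while these lines are being rewritten.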