diff --git a/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf b/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf
index bf0abe2..980aaf1 100644
--- a/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf
+++ b/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf
@@ -15,14 +15,24 @@ events {
 # Listen on port 443 as a reverse proxy and use PROXY Protocol for the
 # upstreams.
 stream {
+    map $ssl_preread_server_name $first_jump {
+        aes.ccchh.net 212.12.48.125:443;
+        default 127.0.0.1:9443;
+    }
+
     map $ssl_preread_server_name $address {
         wiki.ccchh.net 10.31.206.13:8443;
-        aes.ccchh.net 10.31.206.14:8443;
         default 127.0.0.1:8443;
     }
 
     server {
         listen 0.0.0.0:443;
+        proxy_pass $first_jump;
+        ssl_preread on;
+    }
+
+    server {
+        listen 0.0.0.0:9443;
         proxy_pass $address;
         ssl_preread on;
         proxy_protocol on;