diff --git a/host_vars/srv03 b/host_vars/srv03
index 2f01911..ade5936 100644
--- a/host_vars/srv03
+++ b/host_vars/srv03
@@ -1,7 +1,8 @@
 certsync_host: srv01.hamburg.freifunk.net
 nginx_resolver: 80.252.105.162 80.252.105.194
 updates_letsencrypt_srv01: true
-updates_owner: www-data
+updates_owner: ffupdates
+updates_group: www-data
 updates_root: /var/www/updates
 updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
 updates_ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key
diff --git a/roles/website/updates/defaults/main.yml b/roles/website/updates/defaults/main.yml
index 323f020..3f57e1a 100644
--- a/roles/website/updates/defaults/main.yml
+++ b/roles/website/updates/defaults/main.yml
@@ -4,4 +4,5 @@ updates_letsencrypt_local: false
 updates_letsencrypt_srv01: false
 updates_letsencrypt_srv02: false
 updates_owner: ffupdates
+updates_group: ffupdates
 updates_root: /home/ffupdates/updates
diff --git a/roles/website/updates/tasks/main.yml b/roles/website/updates/tasks/main.yml
index 5a0ed36..bc32f4a 100644
--- a/roles/website/updates/tasks/main.yml
+++ b/roles/website/updates/tasks/main.yml
@@ -7,9 +7,14 @@
   file:
     path: "{{ updates_root }}"
     owner: "{{ updates_owner }}"
-    group: "{{ updates_owner }}"
+    group: "{{ updates_group }}"
     state: directory
 
+- name: copy updates_domains.conf
+  copy:
+    src: updates_domains.conf
+    dest: /etc/nginx/include
+
 - name: template site
   template:
     src: templates/site.j2
diff --git a/roles/website/updates/templates/site.j2 b/roles/website/updates/templates/site.j2
index 8bd549e..17751dc 100644
--- a/roles/website/updates/templates/site.j2
+++ b/roles/website/updates/templates/site.j2
@@ -11,14 +11,11 @@ server {
     ssl_certificate_key {{ updates_ssl_certificate_key }};
 
     root {{ updates_root }};
-
-    if ($ffhh-sued) {
-        rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
-    }
+    include /etc/nginx/include/updates_domains.conf;
+    include /etc/nginx/include/listing.conf;
 
     location / {
         include /etc/nginx/include/headers_hsts.conf;
-        include /etc/nginx/include/listing.conf;
     }
 
     location = /config {
@@ -37,14 +34,8 @@ server {
     server_name updates.hamburg.freifunk.net;
 
     root {{ updates_root }};
-
-    if ($ffhh-sued) {
-        rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
-    }
-
-    location / {
-        include /etc/nginx/include/listing.conf;
-    }
+    include /etc/nginx/include/updates_domains.conf;
+    include /etc/nginx/include/listing.conf;
 {% if updates_letsencrypt_local %}
 
     include /etc/nginx/include/letsencrypt.conf;
@@ -66,12 +57,6 @@ server {
     server_name *.updates.services.ffhh;
 
     root {{ updates_root }};
-
-    if ($ffhh-sued) {
-        rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
-    }
-
-    location / {
-        include /etc/nginx/include/listing.conf;
-    }
+    include /etc/nginx/include/updates_domains.conf;
+    include /etc/nginx/include/listing.conf;
 }