diff --git a/nginx.conf.template b/nginx.conf.template
index aebfd26..97dc529 100644
--- a/nginx.conf.template
+++ b/nginx.conf.template
@@ -57,22 +57,21 @@ http {
         }
 
         location /api/ {
-            proxy_pass http://backend;
+            # Proxy to Quarkus
+            proxy_pass         http://backend;
+            proxy_http_version 1.1;
+            proxy_set_header   Host              $host;
+            proxy_set_header   X-Real-IP         $remote_addr;
+            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto $scheme;
+            proxy_set_header   Upgrade           $http_upgrade;
+            proxy_set_header   Connection        "upgrade";
 
-            # Headers for both simple and preflight requests
-            add_header 'Access-Control-Allow-Origin' '$http_origin' always;
-            add_header 'Access-Control-Allow-Credentials' 'true' always;
-            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
-            add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type' always;
-            add_header 'Access-Control-Expose-Headers' 'Authorization' always;
-
-            # Handle OPTIONS directly
-            if ($request_method = 'OPTIONS') {
-                add_header 'Access-Control-Max-Age' 1728000;
-                add_header 'Content-Type' 'text/plain; charset=UTF-8';
-                add_header 'Content-Length' 0;
-                return 204;
-            }
+            # Relay CORS headers from the backend
+            proxy_pass_header  Access-Control-Allow-Origin;
+            proxy_pass_header  Access-Control-Allow-Methods;
+            proxy_pass_header  Access-Control-Allow-Headers;
+            proxy_pass_header  Access-Control-Allow-Credentials;
         }
 
         # Cache static assets