diff --git a/salt/pillars/rancher.sls b/salt/pillars/rancher.sls
index 518aab4..8623d47 100644
--- a/salt/pillars/rancher.sls
+++ b/salt/pillars/rancher.sls
@@ -1,5 +1,5 @@
rancher:
ca_passphrase: rancher
url: docker.io/rancher/rancher
- tag: v2.6.1
+ tag: v2.6.2
bootstrapPassword: rancher
diff --git a/salt/states/rancher/certs.sls b/salt/states/rancher/certs.sls
index 057cb8d..5bea15a 100644
--- a/salt/states/rancher/certs.sls
+++ b/salt/states/rancher/certs.sls
@@ -58,7 +58,7 @@ Set permission on rancher-server singing request:
Create the rancher-server certificate:
cmd.run:
- - name: openssl x509 -req -in rancher-server.csr -CA rancher-ca.crt -CAkey rancher-ca.key -CAcreateserial -out rancher-server.crt -days 3650 -sha256 -passin pass:{{ pillar['rancher']['ca_passphrase'] }}
+ - name: openssl x509 -req -in rancher-server.csr -CA rancher-ca.crt -CAkey rancher-ca.key -CAcreateserial --extfile rancher-server.cnf -extensions v3_req -out rancher-server.crt -days 3650 -sha256 -passin pass:{{ pillar['rancher']['ca_passphrase'] }}
- cwd: /etc/rancher/ssl
- onchanges:
- cmd: Create the rancher-server signing request
diff --git a/salt/states/rancher/files/rancher-proxy.conf.jinja b/salt/states/rancher/files/rancher-proxy.conf.jinja
index a74a862..1921bef 100644
--- a/salt/states/rancher/files/rancher-proxy.conf.jinja
+++ b/salt/states/rancher/files/rancher-proxy.conf.jinja
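Review bot: The rewritten `openssl x509` line in the certs.sls hunk still hands the CA passphrase over as `-passin pass:{{ pillar['rancher']['ca_passphrase'] }}`, so it is visible in the process list while the command runs and, because `cmd.run` logs its command line by default, in the minion log as well. Moving it to the environment — `-passin env:CA_PASS` with `- env: {CA_PASS: "{{ pillar['rancher']['ca_passphrase'] }}"}` and `- output_loglevel: quiet` on the state — keeps it out of both. The new `--extfile` is a double-dash option next to single-dash ones like `-extensions`; OpenSSL 1.1+ accepts both spellings, but `-extfile` is the documented form and is consistent with the rest of the line. Note also that the state only re-runs through `onchanges` on the CSR, so a later edit to `rancher-server.cnf` (a new SAN, say) will not re-issue the certificate unless the CSR state itself watches that file, which is outside this hunk.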
@@ -1,16 +1,25 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
server {
listen 443;
server_name rancher.{{ pillar['network']['domain'] }};
ssl_certificate /etc/rancher/ssl/rancher-server.crt;
ssl_certificate_key /etc/rancher/ssl/rancher-server.key;
location /{
- proxy_pass https://localhost:6443;
+ proxy_pass https://localhost:9443;
proxy_ssl_trusted_certificate /etc/rancher/ssl/rancher-server.crt;
- proxy_ssl_verify off;
- proxy_set_header Host $host:$server_port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+
}
}
diff --git a/salt/states/rancher/files/rancher-server.cnf.jinja b/salt/states/rancher/files/rancher-server.cnf.jinja
index 4eded85..9ac5614 100644
--- a/salt/states/rancher/files/rancher-server.cnf.jinja
+++ b/salt/states/rancher/files/rancher-server.cnf.jinja
@@ -25,5 +25,5 @@ subjectAltName = @alt_names
CN = rancher.{{ pillar['network']['domain'] }}
[alt_names]
-DNS.0 = rancher.{{ pillar['network']['domain'] }}
-IP.0 = {{ pillar['network']['ip'] }}
+DNS.1 = rancher.{{ pillar['network']['domain'] }}
+IP.1 = {{ pillar['network']['ip'] }}
diff --git a/salt/states/rancher/server.sls b/salt/states/rancher/server.sls
index 6fde5e6..4e97254 100644
--- a/salt/states/rancher/server.sls
+++ b/salt/states/rancher/server.sls
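Review bot: Removing `proxy_ssl_verify off;` in the rancher-proxy hunk does not turn upstream verification on — `off` is nginx's default, so the `proxy_ssl_trusted_certificate` line just above it stays inert and the proxy still accepts any certificate from `localhost:9443`. To actually pin the upstream, add `proxy_ssl_verify on;` and `proxy_ssl_name rancher.{{ pillar['network']['domain'] }};` (the name in the cert's SAN; the default would be `localhost` from `proxy_pass`), and point `proxy_ssl_trusted_certificate` at `/etc/rancher/ssl/rancher-ca.crt` rather than the leaf, since OpenSSL will not build a chain to a non-self-signed leaf placed in the trust store. Separately, the new `X-Forwarded-Proto $scheme` only reports `https` if this listener terminates TLS; the `listen 443;` line in context has no `ssl` parameter, so unless `ssl on;` is set somewhere not visible here nginx serves plaintext on 443 and Rancher will see `http`. The blank `+` line added before the closing `}` looks accidental.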
@@ -40,7 +40,7 @@ Remove old rancher container:
Create rancher container:
cmd.run:
- - name: podman container create --name rancher --privileged --publish 6080:80 --publish 6443:443 --volume /etc/rancher/ssl/rancher-server.crt:/etc/rancher/ssl/cert.pem --volume /etc/rancher/ssl/rancher-server.key:/etc/rancher/ssl/key.pem --volume /etc/rancher/ssl/rancher-ca.crt:/etc/rancher/ssl/cacerts.pem --volume /srv/rancher-container:/var/lib/rancher --env CATTLE_BOOTSTRAP_PASSWORD={{ pillar['rancher']['bootstrapPassword'] }} {{ pillar['rancher']['url'] }}:{{ pillar['rancher']['tag'] }}
+ - name: podman container create --name rancher --privileged --publish 9080:80 --publish 9443:443 --volume /etc/rancher/ssl/rancher-server.crt:/etc/rancher/ssl/cert.pem --volume /etc/rancher/ssl/rancher-server.key:/etc/rancher/ssl/key.pem --volume /etc/rancher/ssl/rancher-ca.crt:/etc/rancher/ssl/cacerts.pem --volume /srv/rancher-container:/var/lib/rancher --env CATTLE_BOOTSTRAP_PASSWORD={{ pillar['rancher']['bootstrapPassword'] }} {{ pillar['rancher']['url'] }}:{{ pillar['rancher']['tag'] }}
- unless: podman container exists rancher
Start the rancher container:
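Review bot: The new `--publish 9080:80 --publish 9443:443` bind on all interfaces, so Rancher's own HTTP and HTTPS ports are reachable from the network directly and bypass the nginx front end that proxies to `localhost:9443`; binding to loopback, `--publish 127.0.0.1:9080:80 --publish 127.0.0.1:9443:443`, keeps the container reachable only through the proxy (otherwise a host firewall has to cover both ports). The rewritten line also still passes `CATTLE_BOOTSTRAP_PASSWORD` on the command line, where `cmd.run` logs it by default and `podman inspect` exposes it afterwards; `--env-file` pointing at a root-only file, or at minimum `- output_loglevel: quiet` on the state, limits that exposure. `--privileged` is carried over unchanged; Rancher's single-node container install does, as far as I know, require it, but since it grants full host access the reason deserves a comment above the state, e.g. `# --privileged: required by the Rancher single-node container install`.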