diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 7b89fb8..c6025a9 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: metagrid
 description: A Helm chart for the Metagrid frontend/backend
 type: application
-version: 0.1.6
+version: 0.1.7
 appVersion: "1.2.0"
 home: https://github.com/esgf2-us/metagrid-k8s
 sources:
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
index c7c775e..adbbe68 100644
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
@@ -122,9 +122,13 @@ Django base url
 Django Url
 */}}
 {{- define "metagrid.django.url" -}}
+{{- if .Values.react.backendUrl }}
+{{- printf "%s" .Values.react.backendUrl }}
+{{- else }}
 {{- $baseUrl := include "metagrid.django.baseUrl" . }}
 {{- printf "%s%s" $baseUrl (printf "/%s" (trimPrefix "/" .Values.django.urlPath)) }}
 {{- end }}
+{{- end }}
 
 {{/*
 Django login url
@@ -146,23 +150,39 @@ Django logout url
 Django login redirect
 */}}
 {{- define "metagrid.django.loginRedirect" -}}
-{{- $baseUrl := include "metagrid.react.url" . }}
-{{- printf "%s/%s" $baseUrl (trimPrefix "/" .Values.django.loginRedirect) }}
+{{- $path := "" }}
+{{- with .Values.django.loginRedirect }}
+{{- $path = printf "/%s" (trimPrefix "/" .) }}
+{{- end }}
+{{- printf "%s%s" (include "metagrid.react.url" .) $path }}
 {{- end }}
 
 {{/*
 Django logout redirect
 */}}
 {{- define "metagrid.django.logoutRedirect" -}}
-{{- $baseUrl := include "metagrid.react.url" . }}
-{{- printf "%s/%s" $baseUrl (trimPrefix "/" .Values.django.logoutRedirect) }}
+{{- $path := "" }}
+{{- with .Values.django.logoutRedirect }}
+{{- $path = printf "/%s" (trimPrefix "/" .) }}
+{{- end }}
+{{- printf "%s%s" (include "metagrid.react.url" .) $path }}
 {{- end }}
 
 {{/*
 Django ALLOWED_HOSTS
 */}}
 {{- define "metagrid.djangoAllowedHosts" -}}
-{{- join "," (list "127.0.0.1" "localhost" (printf "%s-django" (include "metagrid.fullname" .)) .Values.ingress.react.host ) -}}
+{{- $allowed_hosts := list "127.0.0.1" "localhost" (printf "%s-django" (include "metagrid.fullname" .)) }}
+
+{{- if and .Values.ingress.enabled .Values.ingress.react.host }}
+{{- $allowed_hosts = append $allowed_hosts .Values.ingress.react.host }}
+{{- end }}
+
+{{- if .Values.baseUrl }}
+{{- $allowed_hosts = append $allowed_hosts (last (regexSplit "/" .Values.baseUrl -1)) }}
+{{- end }}
+
+{{- join "," $allowed_hosts -}}
 {{- end }}
 
 {{/*
diff --git a/chart/templates/django/configmap.yaml b/chart/templates/django/configmap.yaml
index f5d2fd1..9c5deba 100644
--- a/chart/templates/django/configmap.yaml
+++ b/chart/templates/django/configmap.yaml
@@ -6,28 +6,28 @@ metadata:
     {{- include "metagrid.labels" . | nindent 4 }}
     app.kubernetes.io/component: django
 data:
+  PYTHONBUFFERED: "1"
   {{- with .Values.django.gunicornCmdArgs }}
   GUNICORN_CMD_ARGS: {{ . | quote }}
   {{- end }}
-  PYTHONBUFFERED: "1"
+  DOMAIN_NAME: {{ default "127.0.0.1" .Values.ingress.django.host }}
+  DOMAIN_SUBDIRECTORY: {{ trimPrefix "/" .Values.django.urlPath }}
   DJANGO_DEBUG: {{ .Values.django.debug | quote }}
+  DJANGO_SETTINGS_MODULE: config.settings.production
+  DJANGO_SECRET_KEY: {{ default (randAlphaNum 32) .Values.django.secretKey }}
   DJANGO_ADMIN_URL: {{ .Values.django.adminUrl }}
   DJANGO_ALLOWED_HOSTS: {{ include "metagrid.djangoAllowedHosts" . | quote }}
   DJANGO_SECURE_SSL_REDIRECT: "False"
-  DJANGO_SETTINGS_MODULE: config.settings.production
-  DJANGO_LOGIN_REDIRECT_URL: {{ include "metagrid.django.loginRedirect" . | quote }}
-  DJANGO_LOGOUT_REDIRECT_URL: {{ include "metagrid.django.logoutRedirect" . | quote }}
-  GLOBUS_CLIENT_KEY: {{ .Values.globus.clientID }}
-  DOMAIN_NAME: {{ default "127.0.0.1" .Values.ingress.django.host }}
-  DOMAIN_SUBDIRECTORY: {{ trimPrefix "/" .Values.django.urlPath }}
   CORS_ALLOWED_ORIGINS: {{ include "metagrid.django.corsOriginWhitelist" . }}
   # CORS_ORIGIN_WHITELIST: {{ include "metagrid.django.corsOriginWhitelist" . }}
-  {{- if eq .Values.authType "globus" }}
+  KEYCLOAK_URL: {{ .Values.keyCloak.url }}
+  KEYCLOAK_REALM: {{ .Values.keyCloak.realm }}
+  KEYCLOAK_CLIENT_ID: {{ .Values.keyCloak.clientID }}
+  DJANGO_LOGIN_REDIRECT_URL: {{ include "metagrid.django.loginRedirect" . | quote }}
+  DJANGO_LOGOUT_REDIRECT_URL: {{ include "metagrid.django.logoutRedirect" . | quote }}
   GLOBUS_CLIENT_KEY: {{ .Values.globus.backend.clientID }}
-  {{- end }}
-  KEYCLOAK_URL: {{ default "" .Values.keyCloak.url }}
-  KEYCLOAK_REALM: {{ default "" .Values.keyCloak.realm }}
-  KEYCLOAK_CLIENT_ID: {{ default "" .Values.keyCloak.clientID }}
+  GLOBUS_CLIENT_SECRET: {{ .Values.globus.backend.clientSecret }}
+  # Required by api_proxy
   REACT_APP_WGET_API_URL: {{ .Values.wgetApiUrl }}
   REACT_APP_SEARCH_URL: {{ .Values.searchUrl }}
   REACT_APP_ESGF_NODE_STATUS_URL: {{ .Values.esgfNodeStatusUrl }}
diff --git a/chart/templates/django/deployment.yaml b/chart/templates/django/deployment.yaml
index e26392f..fb5086e 100644
--- a/chart/templates/django/deployment.yaml
+++ b/chart/templates/django/deployment.yaml
@@ -8,13 +8,10 @@ metadata:
     {{- with .Values.django.labels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
+  {{- with .Values.django.annotations }}
   annotations:
-    {{- $configmap := include (print $.Template.BasePath "/django/configmap.yaml") . }}
-    {{- $secret := include (print $.Template.BasePath "/django/secret.yaml") . }}
-    checksum/config: {{ print $configmap $secret | sha256sum }}
-    {{- with .Values.django.annotations }}
     {{- toYaml . | nindent 4 }}
-    {{- end }}
+  {{- end }}
 spec:
   {{- if not .Values.django.autoscaling.enabled }}
   replicas: {{ .Values.django.replicaCount }}
@@ -25,10 +22,13 @@ spec:
       app.kubernetes.io/component: django
   template:
     metadata:
-      {{- with .Values.django.podAnnotations }}
       annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- $configmap := include (print $.Template.BasePath "/django/configmap.yaml") . }}
+        {{- $secret := include (print $.Template.BasePath "/django/secret.yaml") . }}
+        checksum/config: {{ print $configmap $secret | sha256sum }}
+        {{- with .Values.django.podAnnotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       labels:
         {{- include "metagrid.selectorLabels" . | nindent 8 }}
         app.kubernetes.io/component: django
diff --git a/chart/templates/react/configmap.yaml b/chart/templates/react/configmap.yaml
index 4fbcac6..3ac45ed 100644
--- a/chart/templates/react/configmap.yaml
+++ b/chart/templates/react/configmap.yaml
@@ -8,8 +8,9 @@ metadata:
 data:
   RELEASE: production
   PUBLIC_URL: {{ .Values.react.urlPath }}
-  REACT_APP_METAGRID_API_URL: {{ include "metagrid.django.url" . }}
   REACT_APP_PREVIOUS_URL: {{ default "" .Values.react.previousUrlPath }}
+  REACT_APP_METAGRID_API_URL: {{ include "metagrid.django.url" . }}
+  REACT_APP_AUTHENTICATION_METHOD: {{ .Values.authType }}
   {{- if eq .Values.authType "globus" }}
   REACT_APP_GLOBUS_REDIRECT: {{ .Values.globus.frontend.redirect }}
   REACT_APP_CLIENT_ID: {{ .Values.globus.frontend.clientID }}
@@ -23,18 +24,22 @@ data:
   REACT_APP_KEYCLOAK_URL: {{ .url }}
   REACT_APP_KEYCLOAK_CLIENT_ID: {{ .clientID }}
   {{- end }}
+  REACT_APP_DJANGO_LOGIN_URL: {{ include "metagrid.django.loginUrl" . }}
+  REACT_APP_DJANGO_LOGOUT_URL: {{ include "metagrid.django.logoutUrl" . }}
   {{- with .Values.react.hotjar }}
   REACT_APP_HOTJAR_ID: {{ .id | quote }}
   REACT_APP_HOTJAR_SV: {{ .sv | quote }}
   {{- end }}
-  REACT_APP_DJANGO_LOGIN_URL: {{ include "metagrid.django.loginUrl" . }}
-  REACT_APP_DJANGO_LOGOUT_URL: {{ include "metagrid.django.logoutUrl" . }}
-  REACT_APP_AUTHENTICATION_METHOD: {{ .Values.authType }}
+  REACT_APP_GOOGLE_ANALYTICS_TRACKING_ID: {{ default "" .Values.react.googleAnalyticsID }}
   # TODO default metagrid nginx adds location for PREVIOUS_URL and breaks reverse proxy
   default.conf: |
     server {
       listen {{ .Values.react.service.port }};
 
+      location / {
+        return 301 /metagrid;
+      }
+
       location ^~ {{ printf "/%s" (trimPrefix "/" .Values.react.urlPath) }} {
         alias   /usr/share/nginx/html/;
         index  index.html index.htm;
diff --git a/chart/templates/react/deployment.yaml b/chart/templates/react/deployment.yaml
index a14b618..19fa9a0 100644
--- a/chart/templates/react/deployment.yaml
+++ b/chart/templates/react/deployment.yaml
@@ -8,11 +8,10 @@ metadata:
     {{- with .Values.react.labels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
+  {{- with .Values.react.annotations }}
   annotations:
-    checksum/config: {{ include (print $.Template.BasePath "/react/configmap.yaml") . | sha256sum }}
-    {{- with .Values.react.annotations }}
     {{- toYaml . | nindent 4 }}
-    {{- end }}
+  {{- end }}
 spec:
   {{- if not .Values.react.autoscaling.enabled }}
   replicas: {{ .Values.react.replicaCount }}
@@ -23,8 +22,9 @@ spec:
       app.kubernetes.io/component: react
   template:
     metadata:
-      {{- with .Values.react.podAnnotations }}
       annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/react/configmap.yaml") . | sha256sum }}
+      {{- with .Values.react.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
diff --git a/chart/values.yaml b/chart/values.yaml
index 7e30a24..a9977ff 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -5,11 +5,11 @@ globus:
   redirect: https://localhost:3000/cart/items
   # -- Client ID for a globus thick client, the redirect will need to be the url of the frontend e.g. https://metagrid.io/metagrid
   frontend:
-    clientID:
+    clientID: client_id
   # -- Client ID/Secret for globus portal, the redirect will need to be the url of the backend e.g. https://metagrid.io/metagrid-backend/complete/globus/
   backend:
-    clientID:
-    clientSecret:
+    clientID: client_id
+    clientSecret: client_secret
   nodes:
     - aims3.llnl.gov
     - esgf-data1.llnl.gov
@@ -17,11 +17,11 @@ globus:
 
 keyCloak:
   # -- Keycloak service url
-  url:
+  url: http://127.0.0.1:8080
   # -- Client realm
-  realm:
+  realm: metagrid
   # -- Client ID
-  clientID:
+  clientID: client_id
 
 # -- ESGF wget service url
 wgetApiUrl: https://esgf-node.llnl.gov/esg-search/wget
@@ -69,7 +69,7 @@ react:
   googleAnalyticsID:
 
   # -- Custom url for external metagrid backend
-  backendUrl: http://127.0.0.1:5000
+  backendUrl:
 
   # -- Frontend path prefix
   urlPath: /metagrid
diff --git a/examples/ingress-nginx/.gitignore b/examples/ingress-nginx/.gitignore
new file mode 100644
index 0000000..76299d7
--- /dev/null
+++ b/examples/ingress-nginx/.gitignore
@@ -0,0 +1 @@
+overrides.yaml
diff --git a/examples/ingress-nginx/Makefile b/examples/ingress-nginx/Makefile
new file mode 100644
index 0000000..2692f40
--- /dev/null
+++ b/examples/ingress-nginx/Makefile
@@ -0,0 +1,13 @@
+.PHONY: deploy
+deploy:
+	MINIKUBE_IP=$(shell minikube ip) envsubst '$$MINIKUBE_IP' < overrides.yaml.tpl > overrides.yaml
+	helm upgrade --install -f overrides.yaml test ../../chart
+
+.PHONY: delete
+delete:
+	helm delete test
+
+.PHONY: open
+open:
+	@echo "Run:\n\techo '$(shell minikube ip) metagrid.minikube.io' >> /etc/hosts"
+	@echo "Visit:\n\t https://metagrid.minikube.io/metagrid/"
diff --git a/examples/ingress-nginx/overrides.yaml.tpl b/examples/ingress-nginx/overrides.yaml.tpl
new file mode 100644
index 0000000..0f395a0
--- /dev/null
+++ b/examples/ingress-nginx/overrides.yaml.tpl
@@ -0,0 +1,11 @@
+ingress:
+  enabled: true
+
+  react:
+    host: metagrid.minikube.io
+
+  django:
+    host: metagrid.minikube.io
+
+  tls:
+    enabled: true
diff --git a/examples/port-forward/Makefile b/examples/port-forward/Makefile
new file mode 100644
index 0000000..b7aaca6
--- /dev/null
+++ b/examples/port-forward/Makefile
@@ -0,0 +1,13 @@
+.PHONY: deploy
+deploy:
+	helm upgrade --install test ../../chart
+
+.PHONY: delete
+delete:
+	helm delete test
+
+.PHONY: open
+open:
+	@echo "Visit:\n\thttp://127.0.0.1:3000/metagrid/"
+	minikube kubectl -- port-forward $(shell minikube kubectl --  get pods --selector app.kubernetes.io/component=django -oname) 5000 & \
+		minikube kubectl -- port-forward $(shell minikube kubectl --  get pods --selector app.kubernetes.io/component=react -oname) 3000
diff --git a/tbump.toml b/tbump.toml
index 995f1a3..36f5539 100644
--- a/tbump.toml
+++ b/tbump.toml
@@ -1,7 +1,7 @@
 github_url = "https://github.com/esgf2-us/metagrid-k8s/"
 
 [version]
-current = "0.1.6"
+current = "0.1.7"
 
 regex = '''
   (?P<major>\d+)