diff --git a/defaults/main.yml b/defaults/main.yml
index a9c29ad..71a26c5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -11,13 +11,13 @@ inception_project_service_volume: '/srv/inception_project_data'
 inception_project_service_port: 8080
 # IMPORTANT. Set it to True for the server that is going to host the DB
 inception_project_service_constraints: 'node.labels.service_data==inception_project'
-#inception_project_behind_haproxy: False
+# inception_project_behind_haproxy: False
 inception_project_haproxy_public_net: 'haproxy-public'
 # Settings
 inception_project_server_port: 8080
 inception_project_server_address: '0.0.0.0'
 inception_project_server_endpoint: 'inception.localdomain'
-inception_project_server_behind_reverse_proxy: True
+inception_project_server_behind_reverse_proxy: true
 inception_project_backup_interval: 300
 inception_project_backup_keep_number: 10
 inception_project_debug_enabled: 'false'
@@ -29,12 +29,12 @@ inception_pep: True
 inception_project_pep_allow_iframe: True
 inception_authz_audience_name: inception
 keycloak_auth_server: https://localhost
-#keycloak_auth_credentials_prod: 'use a vault file'
+# keycloak_auth_credentials_prod: 'use a vault file'
 # Choices: preauth, database
 inception_project_server_auth_mode: 'database'
 inception_project_server_preauth_header: 'remote_user'
 inception_project_server_preauth_default_roles: ''
-inception_project_server_set_preauth_logout_url: False
+inception_project_server_set_preauth_logout_url: false
 inception_project_server_preauth_logout_url: ""
 inception_project_server_preauth_users_roles: []
 # - { username: 'user', roles: 'ROLE_PROJECT_CREATOR,ROLE_ADMIN' }
@@ -46,7 +46,7 @@ inception_project_db_host: 'mysql-server' inception_project_db_port: 3306 inception_project_db_name: 'inception' inception_project_db_user: 'inception_user' -#inception_project_db_pwd: 'set it in a vault file' +# inception_project_db_pwd: 'set it in a vault file' inception_project_db_volume: 'inception_db_data' inception_project_db_constraints: 'node.labels.mysql_data==inception_project' @@ -69,10 +69,12 @@ inception_project_settings: - 'websocket.enabled={{ inception_project_websockets_enabled }}' - 'websocket.loggedevent.enabled={{ inception_project_websockets_loggedevent_enabled }}' +inception_project_additional_settings: [] + pep_port: 80 pep_replicas: 1 # hostnames to be used as vhosts -#pep_credentials: in vault -nginx_pep_debug_enabled: False +# pep_credentials: in vault +nginx_pep_debug_enabled: false nginx_pep_max_body_size: 500M nginx_pep_body_timeout: 60s diff --git a/tasks/inception.yml b/tasks/inception.yml index d8e884d..2500b12 100644 --- a/tasks/inception.yml +++ b/tasks/inception.yml @@ -11,7 +11,7 @@ template: src=settings.properties.j2 dest={{ inception_project_service_volume }}/settings.properties owner=root group=root mode='0444' when: inception_project_docker_data_node == ansible_fqdn - tags: [ 'inception_project', 'inception_project_swarm' ] + tags: ['inception_project', 'inception_project_swarm', 'inception_project_service'] - name: Manage the installation of the Inception project Docker stack block: @@ -45,4 +45,4 @@ run_once: True when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool - tags: [ 'inception_project', 'inception_project_swarm' ] + tags: ['inception_project', 'inception_project_swarm', 'inception_project_service'] diff --git a/templates/settings.properties.j2 b/templates/settings.properties.j2 index f2e2584..5737cb6 100644 --- a/templates/settings.properties.j2 +++ b/templates/settings.properties.j2 
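Review bot: The new default `inception_project_additional_settings: []` in defaults/main.yml has no comment saying what an entry should look like. Judging by the template change in this commit, the entries are meant to be emitted as raw lines of settings.properties, and the task in tasks/inception.yml installs that file with `mode='0444'`, so whatever is put in the list ends up readable by every local user on the data node. I would add above the variable `# Extra raw 'key=value' lines appended to settings.properties; the rendered file is world-readable, so keep secrets out of this list`.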
@@ -12,14 +12,18 @@ auth.preauth.newuser.roles={{ inception_project_server_preauth_default_roles }}
 auth.user.{{ user_role.username }}.roles={{ user_role.roles }}
 {% endfor %}
 {% endif %}
+{% for additional_setting in inception_project_additional_settings %}
+{{ setting }}
+{% endfor %}
 {% if inception_project_disable_crsf %}
 wicket.core.csrf.enabled=false
 wicket.core.csrf.no-origin-action=allow
 wicket.core.csrf.conflicting-origin-action=allow
 {% endif %}
 {% if inception_project_server_behind_reverse_proxy %}
-#server.tomcat.internal-proxies=127\.0\.[0-1]\.1
+# server.tomcat.internal-proxies=127\.0\.[0-1]\.1
 server.tomcat.remote-ip-header=x-forwarded-for
+server.forward-headers-strategy=NATIVE
 server.tomcat.accesslog.request-attributes-enabled=true
 server.tomcat.protocol-header=x-forwarded-proto
 server.tomcat.protocol-header-https-value=https
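Review bot: The loop added to settings.properties.j2 binds `additional_setting` but its body renders `{{ setting }}`, so the entries of inception_project_additional_settings are not what gets written; unless a variable named `setting` happens to be in scope, the template task will presumably fail on the undefined name as soon as the list is non-empty. The body should be `{{ additional_setting }}`. In the same hunk, `server.forward-headers-strategy=NATIVE` is added while the internal-proxies line stays a comment, so which peers are believed when they send x-forwarded-for or x-forwarded-proto is left to the server's default trusted-proxy pattern. Setting that pattern explicitly to the reverse proxy's address would stop other hosts on the same network from supplying those headers. The `{% if inception_project_server_behind_reverse_proxy %}` block continues past the end of the hunk.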