diff --git a/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl b/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl
index 653b03a6..e727b65e 100644
--- a/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl
+++ b/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl
@@ -16,6 +16,15 @@ controller:
   config:
     body-size: "0"
     tune.bufsize: "131072"
+    ssl-redirect: "true"
+    forwarded-for: "true"
+
+    # Disable QUIC ar Hetzner LB doesn't support UDP
+    quic-enabled: "false"
+
+    # Proxy protocol
+    proxy-protocol: "10.0.0.0/8"
+    use-proxy-protocol: "true"
 
   tolerations:
    - key: unschedulable
@@ -96,3 +105,11 @@ controller:
 
   serviceMonitor:
     enabled: true
+
+  defaultTLSSecret:
+    enabled: true
+    # Create this secret separately (self-signed or real cert)
+    secret: ingress-haproxy/ingress-haproxy-default-cert
+
+  extraArgs:
+    - --disable-quic