diff --git a/system/machines/server/modules/nginx/default.nix b/system/machines/server/modules/nginx/default.nix
index ca93de7..ca4fbf0 100644
--- a/system/machines/server/modules/nginx/default.nix
+++ b/system/machines/server/modules/nginx/default.nix
@@ -14,7 +14,6 @@ in
     privateAllowCidrs = mkOption {
       type = types.listOf types.str;
       default = [
-        "127.0.0.1/32"
         "192.168.0.0/24"
         "10.8.0.0/24"
       ];
@@ -41,25 +40,12 @@ in
       };
     };
 
-    services.sslh = {
-      enable = true;
-      listenAddresses = [ "0.0.0.0" ];
-      port = 443;
-      settings = {
-        protocols = [
-          { name = "ssh"; host = "127.0.0.1"; port = "22"; }
-          { name = "tls"; host = "127.0.0.1"; port = "4443"; }
-        ];
-      };
-    };
-
     services.nginx = {
       enable = true;
       recommendedTlsSettings = true;
       recommendedOptimisation = true;
       recommendedGzipSettings = true;
       eventsConfig = "worker_connections 4096;";
-      defaultSSLListenPort = 4443;
 
       # Catch-all default - friendly error for unknown subdomains
       virtualHosts."_" = {