diff --git a/systems/x86_64-linux/stargate/services/ente.nix b/systems/x86_64-linux/stargate/services/ente.nix
index c7fa649..5bbf22c 100644
--- a/systems/x86_64-linux/stargate/services/ente.nix
+++ b/systems/x86_64-linux/stargate/services/ente.nix
@@ -8,12 +8,13 @@ let
 domain = "ente.kylekrein.com";
 in
 {
-    sops.secrets."services/minio" = {};
+    sops.secrets."services/minio" = {owner = "minio";};
     services.minio = {
         enable = true;
     	# ente's config must match this region!
     	region = "us-east-1";
 	listenAddress = ":21939";
+	consoleAddress = ":21940";
     # Please use a file, agenix or sops-nix to securely store your root user password!
     # MINIO_ROOT_USER=your_root_user
     # MINIO_ROOT_PASSWORD=a_randomly_generated_long_password
@@ -23,6 +24,11 @@ in
   systemd.services.minio.environment.MINIO_SERVER_URL = "https://s3.kylekrein.com";
 
   services.nginx = {
+   virtualHosts."web.s3.kylekrein.com" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".proxyPass = "http://localhost:21940";
+    };
     virtualHosts."s3.kylekrein.com" = {
       forceSSL = true;
       enableACME = true;
@@ -61,8 +67,9 @@ in
 		apps.cast = "https://cast.${domain}";
 		public-albums = "https://albums.${domain}";
 		s3 = {
-                    use_path_style_urls = true;
           	    b2-eu-cen = {
+		        are_local_buckets = false;
+                    	use_path_style_urls = true;
             	        endpoint = "https://s3.kylekrein.com";
             		region = "us-east-1";
             		bucket = "ente";