diff --git a/README.md b/README.md
index 9e0e99e1cb732cfba86707d646e9140119c17c57..d22ebbaed765dbb19ef4ee443197a6d8bff3c25a 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ It requires the following CPAN distributions:
 * Locale-Maketext-Lexicon
 * Mojolicious
 * Mojolicious-Plugin-INIConfig
-* Mojolicious-Plugin-ClientIP
+* Mojolicious-Plugin-ForwardedFor
 * Mojolicious-Plugin-TemplateToolkit
 * Rose-DB-Object
 * Syntax-Keyword-Try
diff --git a/conf/manager.conf b/conf/manager.conf
index 162676f20fd9651e0a99eef6a227747f3633d9e6..292af27c1ac78fc74bd445a11d9b0467c7ca8e23 100644
--- a/conf/manager.conf
+++ b/conf/manager.conf
@@ -3,7 +3,6 @@ support_email = support@my.fqdn
 name = eduGAIN Access Check
 url = https://access-check.my.fqdn
 login_url = https://access-check.my.fqdn/Shibboleth.sso/Login
-proxies =
 [setup]
 # templates theme
diff --git a/lib/AccessCheck/App.pm b/lib/AccessCheck/App.pm
index 428e3cbe79feeaa46d2047cc4d746f688ddc696b..8799bf5d086e7bd35a2a655bcc479237910d7787 100644
--- a/lib/AccessCheck/App.pm
+++ b/lib/AccessCheck/App.pm
@@ -42,11 +42,7 @@ sub startup {
 );
 $self->plugin(
- 'ClientIP',
- {
- private => [ '127.0.0.0/8' ],
- ignore => [ $self->string_to_list($config->{app}->{proxies}) ]
- }
+ 'ForwardedFor',
 );
 $self->log(
diff --git a/lib/AccessCheck/App/Status.pm b/lib/AccessCheck/App/Status.pm
index 26313543b6e90e2a05a0c73535e73b3bfa5709f1..b4bea276ba7fc6a1e3653e9fb35e1e1168b45aa0 100644
--- a/lib/AccessCheck/App/Status.pm
+++ b/lib/AccessCheck/App/Status.pm
@@ -41,7 +41,7 @@ sub run {
 return;
 }
- my $client_ip = $self->client_ip();
+ my $client_ip = $self->forwarded_for();
 my @allowed_ips = $self->string_to_list($config->{status}->{allowed});
 if (none { network_contains($_, $client_ip) } @allowed_ips) {
diff --git a/lib/AccessCheck/App/Step3.pm b/lib/AccessCheck/App/Step3.pm
index 83e68d56399b0817d59c778f724d91ffb1d7ea0e..568d5fc2a65724b67636f48761bfe3f85830a1df 100644
--- a/lib/AccessCheck/App/Step3.pm
+++ b/lib/AccessCheck/App/Step3.pm
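Review bot: In lib/AccessCheck/App.pm the plugin is now registered as a bare `'ForwardedFor',` with no options, so the number of X-Forwarded-For hops the application trusts is no longer stated anywhere in the code; the removed `ClientIP` block at least named its trusted proxies through the `proxies` setting. As far as I know the plugin takes a `levels` option that defaults to the MOJO_REVERSE_PROXY value or 1, so I would pass it explicitly, e.g. `$self->plugin('ForwardedFor', { levels => 1 });`, with a comment that it must equal the number of reverse proxies in front of the daemon. This matters because Status.pm uses the returned address for its allow-list check and Step3.pm records it as `source_ip`. startup's body continues outside the hunk.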
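Review bot: The allow-list decision in lib/AccessCheck/App/Status.pm now rests on `$self->forwarded_for()`, a value derived from a request header, and nothing visible in this hunk checks that `$client_ip` is defined before it reaches `network_contains`. I would fail closed, e.g. `if (!defined $client_ip || none { network_contains($_, $client_ip) } @allowed_ips) {`, and add a comment such as `# address reported by the trusted reverse proxy via X-Forwarded-For`. run starts and ends outside the hunk, so an equivalent check may already exist there.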
@@ -112,7 +112,7 @@ sub run {
 name => $config->{app}->{name},
 },
 user => $user->{name},
- source_ip => $self->client_ip(),
+ source_ip => $self->forwarded_for(),
 idp => { entityid => $user->{idp}, },
 sp => { entityid => $entityid, },
 to => $email,
diff --git a/systemd/access-check.sysconfig.in b/systemd/access-check.sysconfig.in
index cd44c65210c12d24ddf7fb259c39b67293a57422..d150a34127cff466e42fd3816f03dd9c98034703 100644
--- a/systemd/access-check.sysconfig.in
+++ b/systemd/access-check.sysconfig.in
@@ -3,3 +3,4 @@ ACCESS_CHECK_SERVER=daemon
 ACCESS_CHECK_URL=http://127.0.0.1:3000
 ACCESS_CHECK_OPTIONS=
 ACCESS_CHECK_CONFIG=@confdir@/manager.conf
+MOJO_REVERSE_PROXY=1
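Review bot: `MOJO_REVERSE_PROXY=1` in systemd/access-check.sysconfig.in is added without a comment, although it switches the daemon to trusting forwarding headers from whatever peer connects to it. That is sound only while the daemon is reachable solely through the reverse proxy, which the `ACCESS_CHECK_URL=http://127.0.0.1:3000` line appears to intend. I would document the dependency above the new line, e.g. `# Trust X-Forwarded-* headers: keep the daemon bound to loopback behind exactly one reverse proxy`, so that a later change of the listen address is not made without revisiting this setting.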