diff --git a/Dockerfile b/Dockerfile
index 99f04a4..024de41 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -57,8 +57,6 @@ USER rails:rails
 # Entrypoint prepares the database.
 ENTRYPOINT ["/rails/bin/docker-entrypoint"]
 
-ENV TLS_DOMAIN=datadeaddrop.com
-
 # Start the server by default, this can be overwritten at runtime
 EXPOSE 80
 CMD ["./bin/thrust", "./bin/rails", "server"]
diff --git a/config/deploy.yml b/config/deploy.yml
index cad41ee..5323093 100644
--- a/config/deploy.yml
+++ b/config/deploy.yml
@@ -27,7 +27,6 @@ builder:
 env:
   clear:
     HOSTNAME: datadeaddrop.com
-    TLS_DOMAIN: datadeaddrop.com
     RAILS_SERVE_STATIC_FILES: true
     RAILS_LOG_TO_STDOUT: true
     WEB_CONCURRENCY: 1
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 0c03ded..8ec8486 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -52,6 +52,7 @@
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   config.force_ssl = true
+  config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } }
 
   # Log to STDOUT by default
   config.logger = ActiveSupport::Logger.new($stdout)
@@ -95,6 +96,7 @@
   #   /.*\.example\.com/ # Allow requests from subdomains like `www.example.com`
   # ]
   # Skip DNS rebinding protection for the default health check endpoint.
-  # config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
+  config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
+
   config.active_record.sqlite3_production_warning = false
 end