diff --git a/modules/kubernetes/immich/main.tf b/modules/kubernetes/immich/main.tf
index c986e325..3aed4a14 100644
--- a/modules/kubernetes/immich/main.tf
+++ b/modules/kubernetes/immich/main.tf
@@ -147,6 +147,18 @@ resource "kubernetes_ingress_v1" "immich" {
       "gethomepage.dev/widget.url"   = "https://immich.viktorbarzin.me"
       "gethomepage.dev/pod-selector" = ""
       "gethomepage.dev/widget.key"   = var.homepage_token
+
+      # location ~* \.(png|jpg|jpeg|gif|webp|svg)$ {
+      #   expires 1M;
+      #   add_header Cache-Control "public, max-age=31536000, immutable";
+      # }
+      "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF
+        proxy_cache static-cache;
+        proxy_cache_valid 404 1m;
+        proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504;
+        proxy_cache_bypass $http_x_purge;
+        add_header X-Cache-Status $upstream_cache_status;
+        EOF
     }
   }
 
diff --git a/modules/kubernetes/nginx-ingress/main.tf b/modules/kubernetes/nginx-ingress/main.tf
index cd93078c..63b6634a 100644
--- a/modules/kubernetes/nginx-ingress/main.tf
+++ b/modules/kubernetes/nginx-ingress/main.tf
@@ -331,6 +331,12 @@ resource "kubernetes_config_map" "ingress_nginx_controller" {
     plugins = "crowdsec"
     # plugins          = ""
     lua-shared-dicts = "crowdsec_cache: 50m"
+    http-snippet : <<-EOT
+      proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=static-cache:2m max_size=100m inactive=7d use_temp_path=off;
+      proxy_cache_key $scheme$proxy_host$request_uri;
+      proxy_cache_lock on;
+      proxy_cache_use_stale updating;
+    EOT
     server-snippet : <<-EOT
     lua_ssl_trusted_certificate "/etc/ssl/certs/ca-certificates.crt"; # Captcha
     #resolver local=on ipv6=off valid=600s;
@@ -415,6 +421,7 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
   }
   spec {
     replicas = 3
+
     selector {
       match_labels = {
         "app.kubernetes.io/component" = "controller"
@@ -430,6 +437,7 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
           "app.kubernetes.io/name"      = "ingress-nginx"
           "app.kubernetes.io/part-of"   = "ingress-nginx"
           "app.kubernetes.io/version"   = "1.8.2"
+          "app"                         = "ingress-nginx"
         }
       }
       spec {
@@ -460,6 +468,10 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
             name  = "API_KEY"
             value = var.crowdsec_api_key
           }
+          env {
+            name  = "MODE"
+            value = "stream"
+          }
           env {
             name  = "CAPTCHA_PROVIDER"
             value = "recaptcha"
@@ -622,8 +634,10 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
       type = "RollingUpdate"
       rolling_update {
         max_unavailable = "1"
+        max_surge       = "2"
       }
     }
+
     revision_history_limit = 10
   }
 }
diff --git a/terraform.tfstate b/terraform.tfstate
index e5b160fa..fa260536 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ