diff --git a/dbrepo-gateway-service/dbrepo.conf b/dbrepo-gateway-service/dbrepo.conf
index fd66cf805ef4bc7d5e7bb5e93ee54381015e88f6..68778de757bf331e183e7258755c6f3ef210d6ec 100644
--- a/dbrepo-gateway-service/dbrepo.conf
+++ b/dbrepo-gateway-service/dbrepo.conf
@@ -40,6 +40,10 @@ upstream dashboard-service {
 server dashboard-service:3000;
 }
+upstream auth-service {
+ server auth-service:8080;
+}
+
 server {
 listen 8080 default_server;
 server_name _;
@@ -67,6 +71,26 @@ server {
 proxy_read_timeout 90;
 }
+ # Proxy Keycloak OIDC connections, c.f. https://www.keycloak.org/server/reverseproxy#_exposed_path_recommendations
+ location /realms {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://auth-service;
+ proxy_read_timeout 90;
+ }
+
+ # Proxy Keycloak assets, c.f. https://www.keycloak.org/server/reverseproxy#_exposed_path_recommendations
+ location /resources {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://auth-service;
+ proxy_read_timeout 90;
+ }
+
 location /api/search {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
diff --git a/dbrepo-ui/nuxt.config.ts b/dbrepo-ui/nuxt.config.ts
index 0f2099a387ea727425de40a0c4d092768071697c..92403e293add93828152c681f3b5203677ba09ab 100644
--- a/dbrepo-ui/nuxt.config.ts
+++ b/dbrepo-ui/nuxt.config.ts
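Review bot: In dbrepo-gateway-service/dbrepo.conf (second hunk), `location /realms` and `location /resources` are bare prefix matches, so any path that merely starts with those strings (for example `/realms-old`) is also forwarded to Keycloak; the Keycloak page cited in the added comments lists the paths to expose as `/realms/` and `/resources/`, so `location /realms/ {` and `location /resources/ {` would keep the proxied surface to those two trees. The same two blocks are added to helm/dbrepo/templates/gateway-configmap.yaml and need the same change. Separately, the server visible in the first hunk listens on plain 8080, so `X-Forwarded-Proto $scheme` will always send `http`; if TLS is terminated in front of this gateway, Keycloak would presumably advertise http URLs in its OIDC metadata, which is worth confirming against the deployment. The enclosing `server` block starts and ends outside the hunk.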
@@ -3,19 +3,19 @@ import vuetify from 'vite-plugin-vuetify'
 const proxy: any = {}
-// /* proxies the backend calls, >>NOT<< the frontend calls (clicking) */
-// if (process.env.NODE_ENV === 'development') {
-// const api = 'http://localhost'
-// proxy['/api'] = api
-// proxy['/pid'] = {
-// target: api + '/api',
-// changeOrigin: true,
-// pathRewrite: {
-// '^/pid': '/pid'
-// }
-// }
-// process.env.NUXT_PUBLIC_API_SERVER = api
-// }
+/* proxies the backend calls, >>NOT<< the frontend calls */
+if (process.env.NODE_ENV === 'development') {
+ const api = 'http://localhost'
+ proxy['/api'] = api
+ proxy['/pid'] = {
+ target: api + '/api',
+ changeOrigin: true,
+ pathRewrite: {
+ '^/pid': '/pid'
+ }
+ }
+ process.env.NUXT_PUBLIC_API_SERVER = api
+}
 /**
 * https://nuxt.com/docs/guide/concepts/rendering#hybrid-rendering
@@ -111,15 +111,15 @@ export default defineNuxtConfig({
 providers: {
 keycloak: {
 audience: 'account',
- baseUrl: 'http://localhost:8080/realms/dbrepo',
+ baseUrl: 'http://localhost/realms/dbrepo',
 clientId: 'dbrepo-client',
 clientSecret: '', // inject on runtime
 scope: ['openid', 'roles'],
 optionalClaims: ['realm_access'],
- redirectUri: 'http://localhost:3001/auth/keycloak/callback',
+ redirectUri: 'http://localhost/auth/keycloak/callback',
 userNameClaim: 'preferred_username',
 exposeAccessToken: true,
- logoutRedirectUri: 'http://localhost:3001',
+ logoutRedirectUri: 'http://localhost',
 },
 },
 middleware: {
diff --git a/docker-compose.yml b/docker-compose.yml
index ed0f7e26c0d19d299b3c19db503bf62953c3549b..25e0b397335bf148af33ce3c04bdad7fcef2565f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
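Review bot: In dbrepo-ui/nuxt.config.ts (first hunk), the re-enabled development block assigns `process.env.NUXT_PUBLIC_API_SERVER = api` unconditionally, so a value a developer has already exported is silently replaced by `http://localhost`. Reading the override first, `const api = process.env.NUXT_PUBLIC_API_SERVER ?? 'http://localhost'`, keeps the default while leaving local setups configurable. The `pathRewrite` entry `'^/pid': '/pid'` maps the prefix to itself and could be dropped or given a comment stating the intended target path. Where `proxy` is consumed lies outside the hunk.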
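Review bot: In the second hunk of dbrepo-ui/nuxt.config.ts, the new `baseUrl`, `redirectUri` and `logoutRedirectUri` values are plain-http localhost literals with nothing marking them as development-only defaults. `clientSecret` already carries `// inject on runtime`; the three URLs deserve the same treatment, e.g. `// development default, overridden by NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL` (and the matching REDIRECT_URI / LOGOUT_REDIRECT_URI variables), so it is clear they must be replaced with https URLs outside local development. The compose hunk in this commit shows the base URL and redirect URI being overridden; whether the logout redirect URI is overridden there is outside the visible lines.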
@@ -335,7 +335,7 @@ services:
 NUXT_PUBLIC_API_CLIENT: "${BASE_URL:-http://localhost}"
 NUXT_PUBLIC_API_SERVER: "${BASE_URL:-http://gateway-service}"
 NUXT_PUBLIC_UPLOAD_CLIENT: "${BASE_URL:-http://localhost}/api/upload/files"
- NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL: "${BASE_URL:-http://localhost:8080}/realms/dbrepo"
+ NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL: "${BASE_URL:-http://localhost}/realms/dbrepo"
 NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_ID: "${AUTH_SERVICE_CLIENT:-dbrepo-client}"
 NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET: "${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}"
 NUXT_OIDC_PROVIDERS_KEYCLOAK_REDIRECT_URI: "${BASE_URL:-http://localhost}/auth/keycloak/callback"
diff --git a/helm/dbrepo/templates/gateway-configmap.yaml b/helm/dbrepo/templates/gateway-configmap.yaml
index aa314d3c65948076a4e7eaf977bf47b8735b153d..66a8bc945a7290a7bf0ec8167228a4fa0f9e233f 100644
--- a/helm/dbrepo/templates/gateway-configmap.yaml
+++ b/helm/dbrepo/templates/gateway-configmap.yaml
@@ -39,6 +39,24 @@ data:
 proxy_read_timeout 90;
 }
+ location /realms {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://auth-service;
+ proxy_read_timeout 90;
+ }
+
+ location /resources {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://auth-service;
+ proxy_read_timeout 90;
+ }
+
 location /api/search {
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
diff --git a/helm/dbrepo/templates/ui-secret.yaml b/helm/dbrepo/templates/ui-secret.yaml
index 5620e7b2da88226759723c4bbd24f2e5479bc444..bab14fce203692208d86a75310c5c4dd93fc80c3 100644
--- a/helm/dbrepo/templates/ui-secret.yaml
+++ b/helm/dbrepo/templates/ui-secret.yaml
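Review bot: In docker-compose.yml, the line two below the changed base URL fills `NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET` from `AUTH_SERVICE_CLIENT`, the same variable the client ID reads, and falls back to a secret committed in the file. Setting `AUTH_SERVICE_CLIENT` therefore makes the UI send the client ID as its secret, and leaving it unset makes every default deployment share one publicly known secret. The secret should read its own variable and fail when it is missing, e.g. `"${<CLIENT_SECRET_VAR>:?client secret must be set}"` with the project's actual variable name in place of the placeholder, and the committed value should be rotated in Keycloak. This line is context rather than part of the change, but it belongs to the same OIDC configuration the commit is adjusting.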
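Review bot: In helm/dbrepo/templates/gateway-configmap.yaml, both new blocks use `proxy_pass http://auth-service;`, but unlike dbrepo.conf this file gains no `upstream auth-service` block in the commit. If no such upstream is defined outside the hunk, nginx treats `auth-service` as a hostname and connects to port 80 rather than the 8080 used in dbrepo.conf, so the ConfigMap should either define the upstream or name the port explicitly. The added blocks also lack the explanatory comments present in dbrepo.conf; `# Proxy Keycloak OIDC connections` and `# Proxy Keycloak assets` would keep the two copies aligned.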
@@ -22,4 +22,9 @@ stringData:
 NUXT_PUBLIC_PID_DEFAULT_PUBLISHER: "{{ .Values.ui.public.pid.default.publisher }}"
 NUXT_PUBLIC_UPLOAD_CLIENT: "{{ .Values.ui.public.upload.client | default $uploadEndpoint }}"
 NUXT_PUBLIC_BROKER_CONNECTIONS: "{{ include "dbrepo.broker.connections" . }}"
+ NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL: "{{ .Values.gateway }}/api/auth/realms/dbrepo"
+ NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_ID: "{{ .Values.authservice.client.id }}"
+ NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET: "{{ .Values.authservice.client.secret }}"
+ NUXT_OIDC_PROVIDERS_KEYCLOAK_REDIRECT_URI: "{{ .Values.gateway }}/auth/keycloak/callback"
+ NUXT_OIDC_PROVIDERS_KEYCLOAK_LOGOUT_REDIRECT_URI: "{{ .Values.gateway }}"
 {{- end }}
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml
index 626aea471be61721f0106f0e3595829a936e6dde..cd2de433e2c5b89327fb381adf3e5e4943b9ed39 100644
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -585,15 +585,17 @@ dataservice:
 ## @param dataservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
 type: "RuntimeDefault"
 ## @param dataservice.resourcesPreset The container resource preset
- resourcesPreset: "large"
+ resourcesPreset: ""
 ## @param dataservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
- resources: { }
- ## requests:
- ## cpu: 250m
- ## memory: 64Mi
- ## limits:
- ## cpu: 500m
- ## memory: 1024Mi
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1024Mi
+ ephemeral-storage: 50Mi
+ limits:
+ cpu: 1.0
+ memory: 3072Mi
+ ephemeral-storage: 2Gi
 ## @skip dataservice.resources
 grant:
 ## @param dataservice.grant.read The default database permissions for users with read access.
@@ -1054,7 +1056,7 @@ gatewayservice:
 computeservice:
 ## @param computeservice.endpoint Configure the number of parallel workers with local[n]
- endpoint: local[2]
+ endpoint: local[1]
 ## @section Ingress
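Review bot: In helm/dbrepo/templates/ui-secret.yaml, `NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL` points at `{{ .Values.gateway }}/api/auth/realms/dbrepo`, while the gateway ConfigMap in this same commit exposes Keycloak at `/realms` and docker-compose.yml uses `${BASE_URL:-http://localhost}/realms/dbrepo`. Unless an `/api/auth` location outside the visible hunks forwards to Keycloak, the Helm deployment will request the discovery and token endpoints on a path the gateway does not serve, and the issuer Keycloak reports may not match the configured base URL. Using `"{{ .Values.gateway }}/realms/dbrepo"` would match the other two files. Nothing here constrains the scheme of `.Values.gateway`, so its description in values.yaml should state that it has to be an https URL in production.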