diff --git a/manage-gui/docker/Dockerfile b/manage-gui/docker/Dockerfile
index fc665ace..1d6d0d6b 100644
--- a/manage-gui/docker/Dockerfile
+++ b/manage-gui/docker/Dockerfile
@@ -1,2 +1,3 @@
 FROM ghcr.io/openconext/openconext-basecontainers/apache2-shibboleth:latest
 COPY ./build/ /var/www/
+COPY ./docker/conf/000-default.conf /etc/apache2/sites-enabled/000-default.conf
diff --git a/manage-gui/docker/conf/000-default.conf b/manage-gui/docker/conf/000-default.conf
new file mode 100644
index 00000000..68a516e2
--- /dev/null
+++ b/manage-gui/docker/conf/000-default.conf
@@ -0,0 +1,77 @@
+RewriteEngine on
+
+RewriteCond %{REQUEST_URI} !\.html$
+RewriteCond %{REQUEST_URI} !\.(js|css)(\.map)?$
+RewriteCond %{REQUEST_URI} !\.svg$
+RewriteCond %{REQUEST_URI} !\.png$
+RewriteCond %{REQUEST_URI} !\.ico$
+RewriteCond %{REQUEST_URI} !\.woff$
+RewriteCond %{REQUEST_URI} !\.woff2$
+RewriteCond %{REQUEST_URI} !\.ttf$
+RewriteCond %{REQUEST_URI} !\.eot$
+RewriteCond %{REQUEST_URI} !^/(asset-)?manifest.json$
+RewriteCond %{REQUEST_URI} !^/manage
+RewriteCond %{REQUEST_URI} !^/internal
+RewriteCond %{REQUEST_URI} !^/fonts
+RewriteRule (.*) /index.html [L]
+
+ProxyPass /Shibboleth.sso !
+ProxyPass /manage/api/health http://manage/internal/health
+ProxyPass /manage/api/info http://manage/internal/info
+
+ProxyPass /internal/health http://manage/internal/health
+ProxyPass /internal/info http://manage/internal/info
+
+ProxyPass /manage/api http://manage
+ProxyPassReverse /manage/api http://manage
+
+###########################################################################
+# Backdoor instructions #
+# ------------------------------------------------------------------------#
+# Manage offers the ability to use basic authentication to login #
+# In order to activate it, remove the block below #
+# and restart httpd #
+# The username and password can be found in the manage application.yml #
+# #########################################################################
+
+PassEnv OPENCONEXT_REMOTE_ENTITYID
+PassEnv OPENCONEXT_OWN_ENTITYID
+
+ AuthType shibboleth
+ ShibUseHeaders On
+ ShibRequestSetting entityID ${OPENCONEXT_REMOTE_ENTITYID}
+ ShibRequestSetting entityIDSelf ${OPENCONEXT_OWN_ENTITYID}
+ ShibRequireSession On
+ ShibRequestSetting REMOTE_ADDR X-Forwarded-For
+ Require valid-user
+
+
+DocumentRoot "/var/www"
+
+
+ Require all granted
+ Options -Indexes
+
+
+# Enable shibboleth for all other URLs, but the health check and info endpoint
+
+ Require all granted
+
+
+
+ Require all granted
+
+
+# The internal API is secured with basic auth
+
+ Require all granted
+
+
+
+ Require all granted
+
+
+
+ Require all granted
+
+
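Review bot: `ShibRequestSetting REMOTE_ADDR X-Forwarded-For` makes the SP take the client address from a request header, which is only trustworthy if a front proxy you control always overwrites that header. The config should say so, e.g. `# X-Forwarded-For is trusted only because the front proxy overwrites it; never expose this container directly`. The blocks under "The internal API is secured with basic auth" contain only `Require all granted`, so Apache enforces nothing there and the protection rests entirely on the manage backend; a wording such as `# No auth at the Apache layer here: the manage backend must enforce basic auth` would match what the file does. The "Backdoor instructions" banner describes removing the Shibboleth block to fall back to credentials in application.yml, and it should note that this fallback is for non-production use and that those credentials must not be left at shipped values. The section tag lines are not visible in this rendering, so the exact paths these blocks cover could not be checked.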