diff --git a/Dockerfile b/Dockerfile
index c0b5335f..818fa7ab 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,6 +10,11 @@ ADD packages/ packages/
 RUN yarn install
 RUN gulp --series build site
 
+# Build stage to extract envsubst
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3 as envsubst
+
+RUN microdnf -y install gettext
+
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
 
 # njs > 0.4.3 fails to run js-yaml.js
@@ -63,9 +68,10 @@ RUN touch config.js && \
     ln -sf /config.js /usr/share/nginx/html/integration/osconsole/config.js
 
 COPY docker/nginx.js docker/rbac.js docker/js-yaml.js /etc/nginx/conf.d/
-COPY docker/nginx.conf docker/nginx-gateway.conf docker/osconsole/config.sh docker/nginx.sh docker/ACL.yaml /
+COPY docker/nginx.conf docker/nginx-gateway.conf.template docker/osconsole/config.sh docker/nginx.sh docker/ACL.yaml /
 
 COPY --from=builder /hawtio-online/docker/site /usr/share/nginx/html/
+COPY --from=envsubst /usr/bin/envsubst /usr/local/bin/
 
 USER 998
 
diff --git a/docker/nginx-gateway.conf b/docker/nginx-gateway.conf.template
similarity index 95%
rename from docker/nginx-gateway.conf
rename to docker/nginx-gateway.conf.template
index 2a7652cd..ca01283e 100644
--- a/docker/nginx-gateway.conf
+++ b/docker/nginx-gateway.conf.template
@@ -1,3 +1,4 @@
+# vim: set filetype=nginx:
 js_import gateway from conf.d/nginx.js;
 
 proxy_cache_path /var/cache/nginx/pods levels=1:2 keys_zone=pods:1m max_size=2m inactive=60m use_temp_path=off;
@@ -23,9 +24,9 @@ server {
     root                /usr/share/nginx/html/;
 
     # Performance tuning
-    subrequest_output_buffer_size 10m;
-    client_body_buffer_size       256k;
-    proxy_buffers                 16 128k;
+    subrequest_output_buffer_size ${NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE};
+    client_body_buffer_size       ${NGINX_CLIENT_BODY_BUFFER_SIZE};
+    proxy_buffers                 ${NGINX_PROXY_BUFFERS};
 
     if ($new) {
         rewrite ^ $new redirect;
diff --git a/docker/nginx.sh b/docker/nginx.sh
index 29a807bc..80079c83 100755
--- a/docker/nginx.sh
+++ b/docker/nginx.sh
@@ -8,12 +8,25 @@ set -eu
 
 ./config.sh > config.js
 
+# nginx.conf parameter default values
+export NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE=${NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE:-10m}
+export NGINX_CLIENT_BODY_BUFFER_SIZE=${NGINX_CLIENT_BODY_BUFFER_SIZE:-256k}
+export NGINX_PROXY_BUFFERS=${NGINX_PROXY_BUFFERS:-16 128k}
+
+generate_nginx_gateway_conf() {
+  envsubst '
+    $NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE
+    $NGINX_CLIENT_BODY_BUFFER_SIZE
+    $NGINX_PROXY_BUFFERS
+    ' < /nginx-gateway.conf.template > /etc/nginx/conf.d/nginx.conf
+}
+
 if [ -v HAWTIO_ONLINE_RBAC_ACL ]; then
   echo Using RBAC NGINX configuration
-  ln -sf /nginx-gateway.conf /etc/nginx/conf.d/nginx.conf
+  generate_nginx_gateway_conf
 elif [ "${HAWTIO_ONLINE_GATEWAY:-}" = "true" ]; then
   echo Using gateway NGINX configuration
-  ln -sf /nginx-gateway.conf /etc/nginx/conf.d/nginx.conf
+  generate_nginx_gateway_conf
 else
   echo Using legacy NGINX configuration
   ln -sf /nginx.conf /etc/nginx/conf.d/nginx.conf