diff --git a/README.md b/README.md
index d505d7633..48072b94e 100644
--- a/README.md
+++ b/README.md
@@ -183,8 +183,12 @@ server {
         proxy_buffers 16 32k;
         proxy_busy_buffers_size 64k;
         proxy_redirect off;
-        proxy_request_buffering on;
-        proxy_buffering on;
+        proxy_request_buffering off;
+        proxy_buffering off;
+        location ~ ^/accounts/(avatars|headers)/(.*).(png|jpg|gif|webp|svg) {
+          expires 1d;
+          proxy_pass http://localhost:7156;
+        }
         proxy_pass http://localhost:7156;
     }
 }
diff --git a/daemon.py b/daemon.py
index b1a63181c..bec263466 100644
--- a/daemon.py
+++ b/daemon.py
@@ -553,10 +553,6 @@ class PubServer(BaseHTTPRequestHandler):
         self.send_header('Host', callingDomain)
         self.send_header('WWW-Authenticate',
                          'title="Login to Epicyon", Basic realm="epicyon"')
-        # self.send_header('X-Robots-Tag',
-        #                  'noindex, nofollow, noarchive, nosnippet')
-        # self.send_header('Cache-Control', 'public')
-        # self.send_header('Referrer-Policy', 'origin')
         self.end_headers()
 
     def _logout_headers(self, fileFormat: str, length: int,
@@ -568,10 +564,6 @@ class PubServer(BaseHTTPRequestHandler):
         self.send_header('Host', callingDomain)
         self.send_header('WWW-Authenticate',
                          'title="Login to Epicyon", Basic realm="epicyon"')
-        # self.send_header('X-Robots-Tag',
-        #                  'noindex, nofollow, noarchive, nosnippet')
-        # self.send_header('Cache-Control', 'public')
-        # self.send_header('Referrer-Policy', 'origin')
         self.end_headers()
 
     def _logout_redirect(self, redirect: str, cookie: str,
@@ -586,10 +578,6 @@ class PubServer(BaseHTTPRequestHandler):
         self.send_header('Host', callingDomain)
         self.send_header('InstanceID', self.server.instanceId)
         self.send_header('Content-Length', '0')
-        # self.send_header('X-Robots-Tag',
-        #                  'noindex, nofollow, noarchive, nosnippet')
-        # self.send_header('Cache-Control', 'public')
-        # self.send_header('Referrer-Policy', 'origin')
         self.end_headers()
 
     def _set_headers_base(self, fileFormat: str, length: int, cookie: str,
@@ -607,17 +595,13 @@ class PubServer(BaseHTTPRequestHandler):
             self.send_header('Cookie', cookieStr)
         self.send_header('Host', callingDomain)
         self.send_header('InstanceID', self.server.instanceId)
-        self.send_header('X-Robots-Tag',
-                         'noindex, nofollow, noarchive, nosnippet')
         self.send_header('X-Clacks-Overhead', 'GNU Natalie Nguyen')
+        self.send_header('Cache-Control', 'max-age=0')
         self.send_header('Cache-Control', 'public')
-        self.send_header('Referrer-Policy', 'origin')
-        self.send_header('Accept-Ranges', 'none')
 
     def _set_headers(self, fileFormat: str, length: int, cookie: str,
                      callingDomain: str) -> None:
         self._set_headers_base(fileFormat, length, cookie, callingDomain)
-        # self.send_header('Cache-Control', 'public, max-age=0')
         self.end_headers()
 
     def _set_headers_head(self, fileFormat: str, length: int, etag: str,
diff --git a/epicyon.py b/epicyon.py
index c1dfa5794..762e43d7d 100644
--- a/epicyon.py
+++ b/epicyon.py
@@ -900,9 +900,11 @@ else:
 
 # if this is the initial run then allow new registrations
 if not getConfigParam(baseDir, 'registration'):
-    setConfigParam(baseDir, 'registration', 'open')
-    setConfigParam(baseDir, 'maxRegistrations', str(maxRegistrations))
-    setConfigParam(baseDir, 'registrationsRemaining', str(maxRegistrations))
+    if args.registration.lower() == 'open':
+        setConfigParam(baseDir, 'registration', 'open')
+        setConfigParam(baseDir, 'maxRegistrations', str(maxRegistrations))
+        setConfigParam(baseDir, 'registrationsRemaining',
+                       str(maxRegistrations))
 
 if args.resetregistrations:
     setConfigParam(baseDir, 'registrationsRemaining', str(maxRegistrations))
diff --git a/gemini/EN/install.gmi b/gemini/EN/install.gmi
index 5b42d03fd..23f342289 100644
--- a/gemini/EN/install.gmi
+++ b/gemini/EN/install.gmi
@@ -125,8 +125,6 @@ And paste the following:
             proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forward-Proto http;
             proxy_set_header X-Nginx-Proxy true;
-     	    expires epoch;
-            proxy_no_cache 1;
             proxy_temp_file_write_size 64k;
             proxy_connect_timeout 10080s;
             proxy_send_timeout 10080;
@@ -135,28 +133,11 @@ And paste the following:
             proxy_buffers 16 32k;
             proxy_busy_buffers_size 64k;
             proxy_redirect off;
-            proxy_request_buffering on;
-            proxy_buffering on;
-	    proxy_cache my_cache;
-	    proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
-	    location ~ ^/(icons|images|media|emoji)/(.*)/(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {
-	    	expires 7d;
-                proxy_pass http://localhost:7156;
-            }
-            location ~ ^/icons/(.*)/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {
-                expires epoch;
-                proxy_no_cache 1;
-                proxy_pass http://localhost:7156;
-            }
-            location ~ ^/icons/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {
-                expires epoch;
-                proxy_no_cache 1;
-                proxy_pass http://localhost:7156;
-            }
-            location ~ ^/users/(.*)/(image|banner).png {
-                expires epoch;
-                proxy_no_cache 1;
-                proxy_pass http://localhost:7156;
+            proxy_request_buffering off;
+            proxy_buffering off;
+	    location ~ ^/accounts/(avatars|headers)/(.*).(png|jpg|gif|webp|svg) {
+              expires 1d;
+              proxy_pass http://localhost:7156;
             }
             proxy_pass http://localhost:7156;
         }
diff --git a/webapp_profile.py b/webapp_profile.py
index 00ff979dc..17dd6930e 100644
--- a/webapp_profile.py
+++ b/webapp_profile.py
@@ -472,9 +472,7 @@ def htmlProfile(rssIconAtTop: bool,
         addEmojiToDisplayName(baseDir, httpPrefix,
                               nickname, domain,
                               profileJson['name'], True)
-    domainFull = domain
-    if port:
-        domainFull = domain + ':' + str(port)
+    domainFull = getFullDomain(domain, port)
     profileDescription = \
         addEmojiToDisplayName(baseDir, httpPrefix,
                               nickname, domain,
@@ -666,6 +664,11 @@ def htmlProfile(rssIconAtTop: bool,
         occupationName = getOccupationName(profileJson)
 
     avatarUrl = profileJson['icon']['url']
+    # use alternate path for local avatars to avoid any caching issues
+    if '://' + domainFull + '/accounts/avatars/' in avatarUrl:
+        avatarUrl = \
+            avatarUrl.replace('://' + domainFull + '/accounts/avatars/',
+                              '://' + domainFull + '/users/')
 
     # get pinned post content
     accountDir = baseDir + '/accounts/' + nickname + '@' + domain
diff --git a/website/EN/index.html b/website/EN/index.html
index 37da861a8..45f5f41e6 100644
--- a/website/EN/index.html
+++ b/website/EN/index.html
@@ -1374,101 +1374,82 @@
                        inactive=60m use_temp_path=off;
 
       server {<br>
-      listen 80;<br>
-      listen [::]:80;<br>
-      server_name YOUR_DOMAIN;<br>
-      access_log /dev/null;<br>
-      error_log /dev/null;<br>
-      client_max_body_size 31m;<br>
-      client_body_buffer_size 128k;<br>
-      <br>
-      limit_conn conn_limit_per_ip 10;<br>
-      limit_req zone=req_limit_per_ip burst=10 nodelay;<br>
-      <br>
-      index index.html;<br>
-      rewrite ^ https://$server_name$request_uri? permanent;<br>
+        listen 80;<br>
+        listen [::]:80;<br>
+        server_name YOUR_DOMAIN;<br>
+        access_log /dev/null;<br>
+        error_log /dev/null;<br>
+        client_max_body_size 31m;<br>
+        client_body_buffer_size 128k;<br>
+        <br>
+        limit_conn conn_limit_per_ip 10;<br>
+        limit_req zone=req_limit_per_ip burst=10 nodelay;<br>
+        <br>
+        index index.html;<br>
+        rewrite ^ https://$server_name$request_uri? permanent;<br>
       }<br>
       <br>
       server {<br>
-      listen 443 ssl;<br>
-      server_name YOUR_DOMAIN;<br>
-      <br>
-      ssl_stapling off;<br>
-      ssl_stapling_verify off;<br>
-      ssl on;<br>
-      ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;<br>
-      ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;<br>
-      #ssl_dhparam /etc/ssl/certs/YOUR_DOMAIN.dhparam;<br>
-      <br>
-      ssl_session_cache  builtin:1000  shared:SSL:10m;<br>
-      ssl_session_timeout 60m;<br>
-      ssl_prefer_server_ciphers on;<br>
-      ssl_protocols TLSv1.2 TLSv1.3;<br>
-      ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';<br>
-      add_header X-Frame-Options DENY;<br>
-      add_header X-Content-Type-Options nosniff;<br>
-      add_header X-XSS-Protection "1; mode=block";<br>
-      add_header X-Download-Options noopen;<br>
-      add_header X-Permitted-Cross-Domain-Policies none;<br>
-      <br>
-      add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";<br>
-      add_header Strict-Transport-Security max-age=15768000;<br>
-      <br>
-      access_log /dev/null;<br>
-      error_log /dev/null;<br>
-      <br>
-      index index.html;<br>
-      <br>
-      location /newsmirror {<br>
-        root /var/www/YOUR_DOMAIN;<br>
-        try_files $uri =404;<br>
-      }<br>
-      <br>
-      location / {<br>
-      proxy_http_version 1.1;<br>
-      client_max_body_size 31M;<br>
-      proxy_set_header Upgrade $http_upgrade;<br>
-      proxy_set_header Connection "upgrade";<br>
-      proxy_set_header Host $http_host;<br>
-      proxy_set_header X-Real-IP $remote_addr;<br>
-      proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;<br>
-      proxy_set_header X-Forward-Proto http;<br>
-      proxy_set_header X-Nginx-Proxy true;<br>
-      expires epoch;<br>
-      proxy_no_cache 1;<br>
-      proxy_temp_file_write_size 64k;<br>
-      proxy_connect_timeout 10080s;<br>
-      proxy_send_timeout 10080;<br>
-      proxy_read_timeout 10080;<br>
-      proxy_buffer_size 64k;<br>
-      proxy_buffers 16 32k;<br>
-      proxy_busy_buffers_size 64k;<br>
-      proxy_redirect off;<br>
-      proxy_request_buffering on;<br>
-      proxy_buffering on;<br>
-      proxy_cache my_cache;<br>
-      proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;<br>
-      location ~ ^/(icons|images|media|emoji)/(.*)/(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {<br>
-          expires 7d;<br>
+        listen 443 ssl;<br>
+        server_name YOUR_DOMAIN;<br>
+        <br>
+        ssl_stapling off;<br>
+        ssl_stapling_verify off;<br>
+        ssl on;<br>
+        ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;<br>
+        ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;<br>
+        #ssl_dhparam /etc/ssl/certs/YOUR_DOMAIN.dhparam;<br>
+        <br>
+        ssl_session_cache  builtin:1000  shared:SSL:10m;<br>
+        ssl_session_timeout 60m;<br>
+        ssl_prefer_server_ciphers on;<br>
+        ssl_protocols TLSv1.2 TLSv1.3;<br>
+        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';<br>
+        add_header X-Frame-Options DENY;<br>
+        add_header X-Content-Type-Options nosniff;<br>
+        add_header X-XSS-Protection "1; mode=block";<br>
+        add_header X-Download-Options noopen;<br>
+        add_header X-Permitted-Cross-Domain-Policies none;<br>
+        <br>
+        add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";<br>
+        add_header Strict-Transport-Security max-age=15768000;<br>
+        <br>
+        access_log /dev/null;<br>
+        error_log /dev/null;<br>
+        <br>
+        index index.html;<br>
+        <br>
+        location /newsmirror {<br>
+          root /var/www/YOUR_DOMAIN;<br>
+          try_files $uri =404;<br>
+        }<br>
+        <br>
+        location / {<br>
+          proxy_http_version 1.1;<br>
+          client_max_body_size 31M;<br>
+          proxy_set_header Upgrade $http_upgrade;<br>
+          proxy_set_header Connection "upgrade";<br>
+          proxy_set_header Host $http_host;<br>
+          proxy_set_header X-Real-IP $remote_addr;<br>
+          proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;<br>
+          proxy_set_header X-Forward-Proto http;<br>
+          proxy_set_header X-Nginx-Proxy true;<br>
+          proxy_temp_file_write_size 64k;<br>
+          proxy_connect_timeout 10080s;<br>
+          proxy_send_timeout 10080;<br>
+          proxy_read_timeout 10080;<br>
+          proxy_buffer_size 64k;<br>
+          proxy_buffers 16 32k;<br>
+          proxy_busy_buffers_size 64k;<br>
+          proxy_redirect off;<br>
+          proxy_request_buffering off;<br>
+          proxy_buffering off;<br>
+          location ~ ^/accounts/(avatars|headers)/(.*).(png|jpg|gif|webp|svg) {<br>
+            expires 1d;<br>
+            proxy_pass http://localhost:7156;<br>
+          }<br>
           proxy_pass http://localhost:7156;<br>
-      }<br>
-      location ~ ^/icons/(.*)/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {<br>
-          expires epoch;<br>
-          proxy_no_cache 1;<br>
-          proxy_pass http://localhost:7156;<br>
-      }<br>
-      location ~ ^/icons/(like|repeat|calendar)(.*).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {<br>
-          expires epoch;<br>
-          proxy_no_cache 1;<br>
-          proxy_pass http://localhost:7156;<br>
-      }<br>
-      location ~ ^/users/(.*)/(image|banner).(png|jpg|gif|webp|mp3|ogv|ogg|mp4) {<br>
-          expires epoch;<br>
-          proxy_no_cache 1;<br>
-          proxy_pass http://localhost:7156;<br>
-      }<br>
-      proxy_pass http://localhost:7156;<br>
-      }<br>
+        }<br>
       }
     </div>