diff --git a/roles/backup/templates/backup.sh.j2 b/roles/backup/templates/backup.sh.j2
index 10d1ab3..36c756a 100755
--- a/roles/backup/templates/backup.sh.j2
+++ b/roles/backup/templates/backup.sh.j2
@@ -59,7 +59,8 @@ rm -rf "$BACKUP_LOCATION"
 
 echo "forgetting old backups for $(hostname)"
 docker compose run --rm app forget --host "$(hostname)" --prune \
+	--keep-last 7 \
 	--keep-daily 14 \
-	--keep-weekly 28 \
+	--keep-weekly 16 \
 	--keep-monthly 12 \
 	--keep-yearly 2 
diff --git a/roles/tinytinyrss/files/nginx.conf b/roles/tinytinyrss/files/nginx.conf
deleted file mode 100644
index 7f65153..0000000
--- a/roles/tinytinyrss/files/nginx.conf
+++ /dev/null
@@ -1,61 +0,0 @@
-worker_processes auto;
-pid /var/run/nginx.pid;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-	include /etc/nginx/mime.types;
-	default_type  application/octet-stream;
-
-	access_log /dev/stdout;
-	error_log /dev/stderr warn;
-
-	sendfile on;
-
-	index index.php;
-
-	upstream app {
-		server tt-rss:9000;
-	}
-
-	server {
-		listen 80;
-		listen [::]:80;
-
-		root /var/www/html;
-
-		location /tt-rss/cache {
-			aio threads;
-			internal;
-		}
-
-		location /tt-rss/backups {
-			internal;
-		}
-
-		location ~ \.php$ {
-			# regex to split $uri to $fastcgi_script_name and $fastcgi_path
-			fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-
-			# Check that the PHP script exists before passing it
-			try_files $fastcgi_script_name =404;
-
-			# Bypass the fact that try_files resets $fastcgi_path_info
-			# see: http://trac.nginx.org/nginx/ticket/321
-			set $path_info $fastcgi_path_info;
-			fastcgi_param PATH_INFO $path_info;
-
-			fastcgi_index index.php;
-			include fastcgi.conf;
-
-			fastcgi_pass app;
-		}
-
-		location / {
-			try_files $uri $uri/ =404;
-		}
-
-	}
-}
diff --git a/roles/tinytinyrss/tasks/main.yml b/roles/tinytinyrss/tasks/main.yml
index b7e6961..be3db8a 100644
--- a/roles/tinytinyrss/tasks/main.yml
+++ b/roles/tinytinyrss/tasks/main.yml
@@ -8,14 +8,5 @@
     env: "{{ tinytinyrss_env }}"
     compose: "{{ tinytinyrss_compose }}"
   block:
-    - name: Import prepare tasks for common service
-      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
-
-    - name: Copy the nginx-config
-      ansible.builtin.copy:
-        src: nginx.conf
-        dest: "{{ (service_path, 'nginx.conf') | path_join }}"
-        mode: "0644"
-
-    - name: Import start tasks for common service
-      ansible.builtin.import_tasks: tasks/start-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/roles/tinytinyrss/vars/main.yml b/roles/tinytinyrss/vars/main.yml
index 51f7a9c..771ef34 100644
--- a/roles/tinytinyrss/vars/main.yml
+++ b/roles/tinytinyrss/vars/main.yml
@@ -19,12 +19,17 @@ tinytinyrss_env:
 
   TTRSS_SELF_URL_PATH: https://{{ svc.domain }}/tt-rss/
 
+  APP_UPSTREAM: tt-rss
+
+  # Workaround for this bug:
+  # could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied
+  PGSSLCERT: /tmp/postgresql.crt
+
 tinytinyrss_compose:
   watchtower: false
   image: cthulhoo/ttrss-web-nginx
   volumes:
     - app:/var/www/html:ro
-    - ./nginx.conf:/etc/nginx/nginx.conf
   file:
     services:
       app: