diff --git a/admin/mailu/__init__.py b/admin/mailu/__init__.py
index f16f1c17..aae26a4f 100644
--- a/admin/mailu/__init__.py
+++ b/admin/mailu/__init__.py
@@ -34,7 +34,7 @@ default_config = {
     'FRONTEND': 'none',
     'TLS_FLAVOR': 'cert',
     'CERTS_PATH': '/certs',
-    'PASSWORD_SCHEME': 'SHA512-CRYPT'
+    'PASSWORD_SCHEME': 'SHA512-CRYPT',
 }
 
 # Load configuration from the environment if available
@@ -71,9 +71,29 @@ login_manager = flask_login.LoginManager()
 login_manager.init_app(app)
 login_manager.login_view = ".login"
 
+@login_manager.unauthorized_handler
+def handle_needs_login():
+    return flask.redirect(
+        flask.url_for('.login', next=flask.request.endpoint)
+    )
+
 @app.context_processor
 def inject_user():
     return dict(current_user=flask_login.current_user)
 
 # Import views
 from mailu.views import *
+
+# Create the prefix middleware
+class PrefixMiddleware(object):
+
+    def __init__(self, app):
+        self.app = app
+
+    def __call__(self, environ, start_response):
+        prefix = environ.get('HTTP_X_FORWARDED_PREFIX', '')
+        if prefix:
+            environ['SCRIPT_NAME'] = prefix
+        return self.app(environ, start_response)
+
+app.wsgi_app = PrefixMiddleware(app.wsgi_app)
diff --git a/admin/mailu/views/base.py b/admin/mailu/views/base.py
index c2950178..2375977a 100644
--- a/admin/mailu/views/base.py
+++ b/admin/mailu/views/base.py
@@ -21,11 +21,9 @@ def login():
         user = models.User.login(form.email.data, form.pw.data)
         if user:
             flask_login.login_user(user)
-            redirect = flask.request.args.get('next')
-            parsed_redirect = parse.urlparse(redirect)
-            if parsed_redirect.scheme or parsed_redirect.netloc:
-                return flask.abort(400)
-            return flask.redirect(redirect or flask.url_for('.index'))
+            endpoint = flask.request.args.get('next')
+            return flask.redirect(flask.url_for(endpoint)
+                or flask.url_for('.index'))
         else:
             flask.flash('Wrong e-mail or password', 'error')
     return flask.render_template('login.html', form=form)
diff --git a/docker-compose.yml.dist b/docker-compose.yml.dist
index 85626cc6..9068e70f 100644
--- a/docker-compose.yml.dist
+++ b/docker-compose.yml.dist
@@ -90,7 +90,7 @@ services:
     image: mailu/admin:$VERSION
     labels:
       - traefik.enable=true
-      - traefik.admin.frontend.rule=Host:$HOSTNAME;PathPrefix:/admin/
+      - traefik.admin.frontend.rule=Host:$HOSTNAME;PathPrefixStrip:/admin/
       - traefik.admin.port=80
       - traefik.home.frontend.rule=Host:$HOSTNAME;Path:/
       - traefik.home.port=80