diff --git a/coreos-config/plays/services/registry/docker-compose.yaml b/coreos-config/plays/services/registry/docker-compose.yaml
index 4745b6c..230e0ba 100644
--- a/coreos-config/plays/services/registry/docker-compose.yaml
+++ b/coreos-config/plays/services/registry/docker-compose.yaml
@@ -28,6 +28,10 @@ services:
       - "traefik.http.routers.registry-auth.rule=Host(`registry-auth.tobiasmanske.de`)"
       - "traefik.http.routers.registry-auth.entryPoints=websecure"
       - "traefik.http.services.registry-auth.loadbalancer.server.port=5001"
+      - "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolalloworiginlist=https://registry-ui.tobiasmanske.de"
+      - "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolallowheaders=Authorization,Accept,Cache-Control"
+      - "traefik.http.middlewares.registry-auth-headers.headers.accesscontrolallowmethods=HEAD,GET,OPTIONS,DELETE"
+      - "traefik.http.routers.registry-auth.middlewares=registry-auth-headers"
     networks:
       - backend
       - gateway
@@ -36,26 +40,6 @@ services:
       - ./server.pem:/server.pem:ro,Z
       - ./server.key:/server.key:ro,Z
 
-  frontend:
-    image: joxit/docker-registry-ui:latest
-    restart: unless-stopped
-    depends_on:
-      - registry
-    environment:
-      - DELETE_IMAGES=true
-      - REGISTRY_TITLE=My Private Docker Registry
-      - NGINX_PROXY_PASS_URL=http://registry:5000
-      - SINGLE_REGISTRY=true
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.registryui.rule=Host(`registry-ui.tobiasmanske.de`)"
-      - "traefik.http.routers.registryui.entryPoints=websecure"
-      - "traefik.http.services.registryui.loadbalancer.server.port=80"
-    networks:
-      - gateway
-      - backend
-
-
 volumes:
   registry_data: