diff --git a/ansible/roles/stack-proxy/templates/stack-proxy.yml b/ansible/roles/stack-proxy/templates/stack-proxy.yml
index cd155ba14a2e41b90d90de2e20cd05f94747bad5..b325e47785dd2b4f8d767ed05131181aac33fbc6 100644
--- a/ansible/roles/stack-proxy/templates/stack-proxy.yml
+++ b/ansible/roles/stack-proxy/templates/stack-proxy.yml
@@ -3,16 +3,9 @@ version: '3.3'
 services:
   proxy:
     image: "{{hub_org}}/{{image_name}}:{{image_tag}}"
-    # This is a workaround for remote ip address is not visible nginx
     ports:
-      - mode: host
-        target: 80
-        published: 80
-        protocol: TCP
-      - mode: host
-        target: 443
-        published: 443
-        protocol: TCP
+      - "443:443"
+      - "80:80"
     deploy:
       mode: global
       resources:
diff --git a/ansible/roles/stack-proxy/templates/stack-proxy.yml_host_network b/ansible/roles/stack-proxy/templates/stack-proxy.yml_host_network
new file mode 100644
index 0000000000000000000000000000000000000000..1aeadca20c6abb69c9e28ac517da8ca7ace3f23f
--- /dev/null
+++ b/ansible/roles/stack-proxy/templates/stack-proxy.yml_host_network
@@ -0,0 +1,60 @@
+version: '3.3'
+
+services:
+  proxy:
+    image: "{{hub_org}}/{{image_name}}:{{image_tag}}"
+    # This is a workaround for remote ip address is not visible nginx
+    ports:
+      - mode: host
+        target: 80
+        published: 80
+        protocol: TCP
+      - mode: host
+        target: 443
+        published: 443
+        protocol: TCP
+    deploy:
+      replicas: {{ proxy_replicas }}
+      resources:
+        reservations:
+          memory: "{{ proxy_reservation_memory }}"
+        limits:
+          memory: "{{ proxy_limit_memory }}"
+      update_config:
+        parallelism: 1
+        delay: 30s
+    secrets:
+{# Skip copying ssls for no domain configs #}
+{% if proto=='https' %}
+      - site.key
+      - site.crt
+{% endif %}
+      - prom_admin_creds
+    configs:
+      - source: nginx.conf
+        target: /etc/nginx/nginx.conf
+      - source: proxy-default.conf
+        target: /etc/nginx/conf.d/default.conf
+    networks:
+      - application_default
+
+secrets:
+{# Skip copying ssls for no domain configs #}
+{% if proto=='https' %}
+  site.key:
+    external: true
+  site.crt:
+    external: true
+{% endif %}
+  prom_admin_creds:
+    external: true
+
+configs:
+  nginx.conf:
+    external: true
+  proxy-default.conf:
+    external: true
+
+networks:
+  application_default:
+    external: true