diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3088eb7a8..499a19ef7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -25,6 +25,7 @@ jobs:
     needs: draft-release
     env:
       TELEMETRY_ENABLED: 'false'
+      TERMINFO: /usr/lib/terminfo
     runs-on: ${{ matrix.platform }}
     strategy:
       # Failing fast breaks the Omnibus build cache because the job is
@@ -87,15 +88,15 @@ jobs:
           sudo mkdir -p /opt/firezone
           sudo chown -R $USER /opt/firezone
           bin/omnibus build firezone
-      - name: Functional Test
-        run: |
-          .ci/functional_test.sh
       - uses: actions/upload-artifact@v3
         with:
           name: firezone-${{ matrix.platform }}
           path: |
             omnibus/pkg/firezone*.deb
             omnibus/pkg/firezone*.rpm
+      - name: Functional Test
+        run: |
+          .ci/functional_test.sh
       - name: Cleanup
         if: always()
         run: |
diff --git a/apps/fz_http/lib/fz_http_web/proxy_headers.ex b/apps/fz_http/lib/fz_http_web/proxy_headers.ex
index 92d80c89b..d9b5cc0bf 100644
--- a/apps/fz_http/lib/fz_http_web/proxy_headers.ex
+++ b/apps/fz_http/lib/fz_http_web/proxy_headers.ex
@@ -11,7 +11,7 @@ defmodule FzHttpWeb.ProxyHeaders do
 
   def call(conn, _opts) do
     conn
-    |> RemoteIp.call(HeaderHelpers.remote_ip_opts())
+    |> RemoteIp.call(RemoteIp.init(HeaderHelpers.remote_ip_opts()))
     |> Plug.RewriteOn.call(rewrite_opts())
   end
 
diff --git a/config/config.exs b/config/config.exs
index 586d1b215..38511bec5 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -87,7 +87,7 @@ config :fz_http,
   default_admin_password: "firezone1234",
   events_module: FzHttp.Events,
   server_process_opts: [name: {:global, :fz_http_server}],
-  openid_connect_providers: [],
+  openid_connect_providers: "{}",
   openid_connect: OpenIDConnect
 
 config :fz_wall,
diff --git a/docker-compose.yml b/docker-compose.yml
index a14e8be95..2339e304e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -58,9 +58,8 @@ services:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: postgres
       POSTGRES_DB: firezone_dev
-    # when you want to connect db with a graphic tool, uncomment ports
-    # ports:
-    #   - 5432:5432
+    ports:
+      - 5432:5432
     networks:
       - app
 
diff --git a/docs/docs/reference/configuration-file.md b/docs/docs/reference/configuration-file.md
index 7e1dac6c9..f2b07a3ae 100644
--- a/docs/docs/reference/configuration-file.md
+++ b/docs/docs/reference/configuration-file.md
@@ -121,7 +121,7 @@ Shown below is a complete listing of the configuration options available in
 | `default['firezone']['phoenix']['log_rotation']['num_to_keep']`               | Number of Firezone web application log files to keep.                                                        | `10`                                                                   |
 | `default['firezone']['phoenix']['crash_detection']['enabled']`                | Enable or disable bringing down the Firezone web application when a crash is detected.                       | `true`                                                                 |
 | `default['firezone']['phoenix']['external_trusted_proxies']`                  | List of trusted reverse proxies formatted as an Array of IPs and/or CIDRs.                                   | `[]`                                                            |
-| `default['firezone']['phoenix']['clients']`                                   | List of private network HTTP clients, formatted an Array of IPs and/or CIDRs.                                | `[]`                                                            |
+| `default['firezone']['phoenix']['private_clients']`                           | List of private network HTTP clients, formatted an Array of IPs and/or CIDRs.                                | `[]`                                                            |
 | `default['firezone']['wireguard']['enabled']`                                 | Enable or disable bundled WireGuard management.                                                              | `true`                                                                 |
 | `default['firezone']['wireguard']['log_directory']`                           | Log directory for bundled WireGuard management.                                                              | `"#{node['firezone']['log_directory']}/wireguard"`                     |
 | `default['firezone']['wireguard']['log_rotation']['file_maxbytes']`           | WireGuard log file max size.                                                                                 | `104857600`                                                            |
diff --git a/omnibus/cookbooks/firezone/attributes/default.rb b/omnibus/cookbooks/firezone/attributes/default.rb
index 7ed0fd1b8..9595d836e 100644
--- a/omnibus/cookbooks/firezone/attributes/default.rb
+++ b/omnibus/cookbooks/firezone/attributes/default.rb
@@ -150,7 +150,7 @@ default['firezone']['authentication']['oidc'] = {}
 # default['firezone']['phoenix']['private_clients'] below instead of here.
 #
 # If set to false Firezone will assume that it is not running behind a proxy
-default['firezone']['external_trusted_proxies'] = []
+default['firezone']['phoenix']['external_trusted_proxies'] = []
 
 # An array of IPs that Firezone will assume are clients, and thus, not a trusted
 # proxy for the purpose of determining the client's IP. By default the bundled