diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index 6371a6c..22eaf12 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -124,6 +124,10 @@ in {
           # communicates with clightning over lightning-rpc socket
           connections = [];
         };
+        nginx = {
+          id = 21;
+          connections = [];
+        };
       };
 
       systemd.services = {
@@ -286,6 +290,9 @@ in {
         host = netns.nanopos.address;
       };
 
+      # nginx: Custom netns configs
+      services.nix-bitcoin-webindex.host = mkIf config.services.nix-bitcoin-webindex.enable netns.nginx.address;
+
     })
     # Custom netns config option values if netns-isolation not enabled
     (mkIf (!cfg.enable) {
diff --git a/modules/nix-bitcoin-webindex.nix b/modules/nix-bitcoin-webindex.nix
index a259ca1..b75ab2e 100644
--- a/modules/nix-bitcoin-webindex.nix
+++ b/modules/nix-bitcoin-webindex.nix
@@ -39,6 +39,11 @@ in {
         If enabled, the webindex service will be installed.
       '';
     };
+    host = mkOption {
+      type = types.str;
+      default = "localhost";
+      description = "HTTP server listen address.";
+    };
     enforceTor =  nix-bitcoin-services.enforceTor;
   };
 
@@ -61,9 +66,9 @@ in {
     };
     services.tor.hiddenServices.nginx = {
       map = [{
-        port = 80;
+        port = 80; toHost = cfg.host;
       } {
-        port = 443;
+        port = 443; toHost = cfg.host;
       }];
       version = 3;
     };