diff --git a/000-setup-osx.sh b/000-setup-osx.sh
index 6865e99..ca09c77 100755
--- a/000-setup-osx.sh
+++ b/000-setup-osx.sh
@@ -16,6 +16,7 @@ brew unlink nginx
 brew tap homebrew/nginx
 brew install \
      nginx-full \
+     --with-lua-module \
      --with-subs-filter-module \
      --with-headers-more-module
 
diff --git a/eotk b/eotk
index 6474803..fb87d6c 100755
--- a/eotk
+++ b/eotk
@@ -49,6 +49,20 @@ Action() {
     done
 }
 
+Configure() {
+    log=configure$$.log
+
+    for file in "$@" ; do
+        if ! $EOTK_HOME/lib.d/do-configure.pl "$file" ; then
+            echo "$prog: failure processing $file: see $log"
+            exit 1
+        fi
+    done 2>$log
+
+    echo done
+}
+
+
 cmd="$1"
 shift
 
@@ -65,13 +79,7 @@ case "$cmd" in
         ;;
 
     configure|config|conf)
-        log=configure$$.log
-        if ! $EOTK_HOME/lib.d/do-configure.pl "$@" 2>$log ; then
-            echo $prog: failure: see $log
-            exit 1
-        else
-            echo done
-        fi
+        Configure "$@"
         ;;
 
     start) # project, or "-a"
@@ -107,7 +115,7 @@ case "$cmd" in
         ;;
 
     ps)
-        ps auxww | egrep '\b(tor|nginx)\b'
+        ps auxww | grep /eotk/
         ;;
 
     genkey|gen)
diff --git a/opt.d/build-nginx-on-debian.sh b/opt.d/build-nginx-on-debian.sh
index a677e1b..ef928ab 100755
--- a/opt.d/build-nginx-on-debian.sh
+++ b/opt.d/build-nginx-on-debian.sh
@@ -16,6 +16,7 @@ cd $dir || exit 1
 
 MODS="
 https://github.com/openresty/headers-more-nginx-module.git
+https://github.com/openresty/lua-nginx-module.git
 https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
 "
 
diff --git a/templates.d/nginx.txt b/templates.d/nginx.txt
index b283b26..522e188 100755
--- a/templates.d/nginx.txt
+++ b/templates.d/nginx.txt
@@ -20,7 +20,7 @@ events {
 
 http {
   # dns for proxy (sigh)
-  resolver %NGINX_RESOLVER% valid=%NGINX_TIMEOUT%s;
+  resolver %NGINX_RESOLVER% valid=%NGINX_TIMEOUT%s ipv6=off;
   resolver_timeout %NGINX_TIMEOUT%s;
 
   proxy_buffering on;
@@ -51,6 +51,25 @@ http {
   text/xml
   ;
 
+  init_by_lua_block {
+    onion_mappings = {}
+    %%BEGIN
+    onion_mappings["%ONION_ADDRESS%"] = "%DNS_DOMAIN%"
+    %%END
+
+    onion_lookup = function (o)
+      return ( onion_mappings[o[1]] or "invalid.invalid" )
+    end
+
+    onion_sub = function (i)
+      if i == nil then
+        return nil
+      end
+      local o, num, errs = ngx.re.gsub(i, "\\b([a-z2-7]{16}\\.onion)\\b", onion_lookup, "io")
+      return o
+    end
+  }
+
   %%BEGIN
   subs_filter \b%DNS_DOMAIN%\b %ONION_ADDRESS% ri;
   proxy_cookie_domain %DNS_DOMAIN% %ONION_ADDRESS%;
@@ -121,6 +140,16 @@ http {
       proxy_set_header Connection $connection_upgrade; # SSL
       proxy_set_header Upgrade $http_upgrade; # SSL
       proxy_ssl_server_name on; # SSL
+
+      set_by_lua_block $referer2 {
+        return onion_sub(ngx.var.http_referer)
+      }
+      proxy_set_header Referer $referer2;
+
+      set_by_lua_block $origin2 {
+        return onion_sub(ngx.var.http_origin)
+      }
+      proxy_set_header Origin $origin2;
     }
   }