diff --git a/CHANGES b/CHANGES
index 335bccd2f..f286ea69f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2138,4 +2138,6 @@
 * mailbox can now owned by a group
 * linode: enable dns provider in setup view
 * dns: apps can now use the dns port
+* httpPaths: allow apps to specify forwarding from custom paths to container ports (for OLS)
+
 
diff --git a/package-lock.json b/package-lock.json
index df54aad5c..b5bdc200b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -501,7 +501,7 @@
     },
     "backoff": {
       "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/backoff/-/backoff-2.5.0.tgz",
+      "resolved": false,
       "integrity": "sha1-9hbtqdPktmuMp/ynn2lXIsX44m8=",
       "requires": {
         "precond": "0.2"
@@ -743,9 +743,9 @@
       }
     },
     "cloudron-manifestformat": {
-      "version": "5.8.3",
-      "resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-5.8.3.tgz",
-      "integrity": "sha512-8lrxUZlNUjReOOgPwFsARA2sVtHvmHFBUXFJ29Ss/sH89hMJneR2FihR6NTbi57UAE5AG+DH+ftHfaW+riWSgg==",
+      "version": "5.9.0",
+      "resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-5.9.0.tgz",
+      "integrity": "sha512-bgHadG6s4PRCCPbWGeZ3lC1TTt9rIb/F1eXTQDym6AboXfBMDUO3fZeADISBNCP305pwyUgVqDFR5yfjm/wOKA==",
       "requires": {
         "cron": "^1.8.2",
         "java-packagename-regex": "^1.0.0",
@@ -3818,7 +3818,7 @@
     },
     "precond": {
       "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/precond/-/precond-0.2.3.tgz",
+      "resolved": false,
       "integrity": "sha1-qpWRvKokkj8eD0hJ0kD0fvwQdaw="
     },
     "pretty-bytes": {
diff --git a/package.json b/package.json
index 07e05dff6..f4c313ea0 100644
--- a/package.json
+++ b/package.json
@@ -21,7 +21,7 @@
     "aws-sdk": "^2.759.0",
     "basic-auth": "^2.0.1",
     "body-parser": "^1.19.0",
-    "cloudron-manifestformat": "^5.8.3",
+    "cloudron-manifestformat": "^5.9.0",
     "connect": "^3.7.0",
     "connect-lastmile": "^2.0.0",
     "connect-timeout": "^1.9.0",
diff --git a/src/nginxconfig.ejs b/src/nginxconfig.ejs
index 6c8ec154c..5d11e4888 100644
--- a/src/nginxconfig.ejs
+++ b/src/nginxconfig.ejs
@@ -245,6 +245,12 @@ server {
         error_page 401 = @proxy-auth-login;
     <% } %>
 
+    <% Object.keys(httpPaths).forEach(function (path) { -%>
+        location "<%= path %>" {
+            proxy_pass http://<%= ip %>:<%= httpPaths[path] %>;
+        }
+    <% }); %>
+
         proxy_pass http://<%= ip %>:<%= port %>;
 <% } else if ( endpoint === 'redirect' ) { %>
         # redirect everything to the app. this is temporary because there is no way
diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index c8950ac32..5fcda8104 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -465,7 +465,8 @@ function writeAppNginxConfig(app, bundle, callback) {
             proxyAuth: {
                 enabled: app.sso && app.manifest.addons && app.manifest.addons.proxyAuth,
                 id: app.id
-            }
+            },
+            httpPaths: app.manifest.httpPaths || {}
         };
         var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);