diff --git a/base/lasuite/oidc-clients.yaml b/base/lasuite/oidc-clients.yaml
index 5b07297..da78d9c 100644
--- a/base/lasuite/oidc-clients.yaml
+++ b/base/lasuite/oidc-clients.yaml
@@ -119,7 +119,7 @@ spec:
     - code
   scope: openid email profile
   redirectUris:
-    - https://people.DOMAIN_SUFFIX/oidc/callback/
+    - https://people.DOMAIN_SUFFIX/api/v1.0/callback/
   tokenEndpointAuthMethod: client_secret_basic
   secretName: oidc-people
   skipConsent: true
diff --git a/base/lasuite/people-values.yaml b/base/lasuite/people-values.yaml
index 4369dd2..316442c 100644
--- a/base/lasuite/people-values.yaml
+++ b/base/lasuite/people-values.yaml
@@ -118,6 +118,11 @@ backend:
       secretKeyRef:
         name: people-django-secret
         key: DJANGO_SECRET_KEY
+    # Production settings class enables SECURE_PROXY_SSL_HEADER so Django builds
+    # https:// URLs when Pingora forwards X-Forwarded-Proto: https.
+    DJANGO_CONFIGURATION:      Production
+    # Production's ALLOWED_HOSTS reads ALLOWED_HOSTS (no DJANGO_ prefix).
+    ALLOWED_HOSTS:             people.DOMAIN_SUFFIX
     DJANGO_ALLOWED_HOSTS:      people.DOMAIN_SUFFIX
     DJANGO_CSRF_TRUSTED_ORIGINS: https://people.DOMAIN_SUFFIX