diff --git a/playbooks/files/learning-omero-web.conf b/playbooks/files/learning-omero-web.conf
deleted file mode 100644
index 9bbf914e..00000000
--- a/playbooks/files/learning-omero-web.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-server {
- listen 80;
- server_name learning.openmicroscopy.org;
- return 301 https://$server_name$request_uri;
-}
-
-server {
- listen 443 ssl;
- server_name learning.openmicroscopy.org;
-
- ssl_certificate /etc/pki/tls/certs/star_openmicroscopy_org.crt+bundle;
- ssl_certificate_key /etc/pki/tls/private/star_openmicroscopy_org.key;
- ssl_protocols TLSv1.2;
-
- add_header Strict-Transport-Security "max-age=31536000" always;
-
- sendfile on;
- client_max_body_size 0;
-
- location / {
- rewrite ^/$ /dundee/ permanent;
- }
-
- location /schools {
- rewrite ^ /dundee/ permanent;
- }
-
- location /dundee {
- error_page 502 @maintenance;
- # checks for static file, if not found proxy to app
- try_files $uri @proxy_to_app;
- }
-
- location /dundee/static {
- alias /opt/omero/web/OMERO.web/var/static;
- }
-
- location @maintenance {
- root /opt/omero/server/OMERO.server/etc/templates/error;
- try_files $uri /maintainance.html =502;
- }
-
- location @proxy_to_app {
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_buffering off;
-
- proxy_pass http://127.0.0.1:4080;
- }
-}
diff --git a/playbooks/files/sls-gallery-omero-web.conf b/playbooks/files/sls-gallery-omero-web.conf
deleted file mode 100644
index e24ec719..00000000
--- a/playbooks/files/sls-gallery-omero-web.conf
+++ /dev/null
@@ -1,48 +0,0 @@ -server { - listen 80; - server_name sls-repo.openmicroscopy.org; - return 301 https://$server_name$request_uri; -} - -server { - listen 443 ssl; - server_name sls-repo.openmicroscopy.org; - - ssl_certificate /etc/pki/tls/certs/star_openmicroscopy_org.crt+bundle; - ssl_certificate_key /etc/pki/tls/private/star_openmicroscopy_org.key; - ssl_protocols TLSv1.2; - - add_header Strict-Transport-Security "max-age=31536000" always; - - sendfile on; - client_max_body_size 0; - - location / { - rewrite ^/$ /ome-sls/ permanent; - } - - location /ome-sls { - error_page 502 @maintenance; - # checks for static file, if not found proxy to app - try_files $uri @proxy_to_app; - } - - location /ome-sls/static { - alias /opt/omero/web/OMERO.web/var/static; - } - - location @maintenance { - root /opt/omero/server/OMERO.server/etc/templates/error; - try_files $uri /maintainance.html =502; - } - - location @proxy_to_app { - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_redirect off; - proxy_buffering off; - - proxy_pass http://127.0.0.1:4080; - } -} diff --git a/playbooks/ome-demoserver.yml b/playbooks/ome-demoserver.yml index 2548c499..cdbc699a 100644 --- a/playbooks/ome-demoserver.yml +++ b/playbooks/ome-demoserver.yml @@ -193,7 +193,8 @@ state: directory mode: 0755 recurse: true - owner: root + owner: "omero-server" + group: "omero-server" - name: Download the Figure_To_Pdf.py script become: true @@ -209,6 +210,7 @@ force: true vars: + nginx_version: 1.26.2 omero_figure_release: >- {{ omero_figure_release_override | default('7.2.0') }} omero_figure_script_release: >- 
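Review bot: The new `owner: "omero-server"` and `group: "omero-server"` lines in the `@@ -193,7 +193,8 @@` hunk apply to the whole tree, not only the directory, because of the `recurse: true` context line directly above them, so anything already placed under this path by other tasks is re-owned by the service account on every run (the task's `name:` and `path:` are above the hunk, so the affected tree is not visible here). If that is the intent, a comment such as `# recursively owned by the service account so it can manage the files placed here — confirm this tree should be writable by it` would record it; if only the directory itself needs re-owning, `recurse: true` should be dropped rather than left to widen the ownership change. The literal `"omero-server"` repeated on both lines also differs from the override-variable pattern the `vars:` block in this file uses for other values.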
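Review bot: `nginx_version: 1.26.2` in the `@@ -209,6 +210,7 @@` hunk pins the web server to one exact release, which (assuming the nginx role honours this variable) means the host stops picking up upstream security releases until someone edits this line. A comment recording why the pin exists and that it must be revisited with each nginx advisory would help, e.g. `# pinned nginx release; bump when a new stable security release is published`. For consistency with the neighbouring release variables, the same override pattern could be used, `nginx_version: "{{ nginx_version_override | default('1.26.2') }}"` (variable name illustrative), which also quotes the value like the other entries. The `vars:` block continues past the end of the hunk.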
@@ -227,8 +229,8 @@ {{ omero_signup_release_override | default('0.3.3') }} omero_server_release: >- - {{ omero_server_release_override | default('5.6.13') }} - omero_web_release: "{{ omero_web_release_override | default('5.27.2') }}" + {{ omero_server_release_override | default('5.6.14') }} + omero_web_release: "{{ omero_web_release_override | default('5.28.0') }}" omero_py_release: "{{ omero_py_release_override | default('5.19.5') }}" # For https://github.com/openmicroscopy/ansible-role-java, # which is a dependency. diff --git a/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2 b/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2 index cc323a39..940af0e2 100644 --- a/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2 +++ b/playbooks/templates/nginx-confdnestedincludes-ssl-conf.j2 @@ -10,6 +10,10 @@ ssl_certificate_key {{ ssl_certificate_key_path }}; # http://nginx.org/en/docs/http/configuring_https_servers.html ssl_prefer_server_ciphers on; +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; + + # HTTP Strict Transport Security (HSTS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
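Review bot: The three `DHE-RSA-*` suites at the end of the new `ssl_ciphers` line are inert unless `ssl_dhparam` is configured, and no such directive appears in the hunk; nginx does not offer DHE suites without explicit DH parameters. Either add `ssl_dhparam <PATH_TO_DH_PARAMS>;` (a 2048-bit or larger group) next to the other `ssl_*` directives, or drop the `DHE-*` entries so the configured list matches what is actually negotiated. Note also that on OpenSSL-backed builds `ssl_ciphers` does not govern TLS 1.3 cipher suites, so the `TLSv1.3` half of the new `ssl_protocols` line negotiates the library defaults, which is worth a one-line comment above the directive. The two blank lines added before the HSTS comment could be reduced to one.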