diff --git a/cmd/proxy/server.go b/cmd/proxy/server.go
index 97c4c1147..a39e85630 100644
--- a/cmd/proxy/server.go
+++ b/cmd/proxy/server.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/url"
 	"os"
+	"strconv"
 
 	log "github.com/sirupsen/logrus"
 
@@ -20,7 +21,8 @@ Required environment variables:
 - AUTHENTIK_INSECURE: Skip SSL Certificate verification
 
 Optionally, you can set these:
-- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST`
+- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST
+- AUTHENTIK_PORT_OFFSET: Offset to add to the listening ports, i.e. value of 100 makes proxy listen on 9100`
 
 func main() {
 	log.SetLevel(log.DebugLevel)
@@ -36,6 +38,15 @@ func main() {
 		fmt.Println(helpMessage)
 		os.Exit(1)
 	}
+	portOffset := 0
+	portOffsetS := os.Getenv("AUTHENTIK_PORT_OFFSET")
+	if portOffsetS != "" {
+		v, err := strconv.Atoi(portOffsetS)
+		if err != nil {
+			fmt.Println(err.Error())
+		}
+		portOffset = v
+	}
 
 	akURLActual, err := url.Parse(akURL)
 	if err != nil {
@@ -49,7 +60,7 @@ func main() {
 
 	ac := ak.NewAPIController(*akURLActual, akToken)
 
-	ac.Server = proxyv2.NewProxyServer(ac)
+	ac.Server = proxyv2.NewProxyServer(ac, portOffset)
 
 	err = ac.Start()
 	if err != nil {
diff --git a/cmd/server/main.go b/cmd/server/main.go
index aad8c7f47..c278598bc 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -99,7 +99,7 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) {
 			}
 			continue
 		}
-		srv := proxyv2.NewProxyServer(ac)
+		srv := proxyv2.NewProxyServer(ac, 0)
 		ws.ProxyServer = srv
 		ac.Server = srv
 		log.WithField("logger", "authentik").Debug("attempting to start outpost")
diff --git a/internal/config/struct.go b/internal/config/struct.go
index cea63ba39..b28bb7df4 100644
--- a/internal/config/struct.go
+++ b/internal/config/struct.go
@@ -31,7 +31,6 @@ type WebConfig struct {
 	ListenTLS              string `yaml:"listen_tls"`
 	LoadLocalFiles         bool   `yaml:"load_local_files" env:"AUTHENTIK_WEB_LOAD_LOCAL_FILES"`
 	DisableEmbeddedOutpost bool   `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"`
-	OutpostPortOffset      int    `yaml:"outpost_port_offset"`
 }
 
 type PathsConfig struct {
diff --git a/internal/outpost/proxyv2/application/session.go b/internal/outpost/proxyv2/application/session.go
index 2f0695f79..06b8abb21 100644
--- a/internal/outpost/proxyv2/application/session.go
+++ b/internal/outpost/proxyv2/application/session.go
@@ -5,6 +5,7 @@ import (
 	"strconv"
 
 	"github.com/gorilla/sessions"
+	log "github.com/sirupsen/logrus"
 	"goauthentik.io/api"
 	"goauthentik.io/internal/config"
 	"gopkg.in/boj/redistore.v1"
@@ -13,15 +14,17 @@ import (
 func GetStore(p api.ProxyOutpostConfig) sessions.Store {
 	var store sessions.Store
 	if config.G.Redis.Host != "" {
-		rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB))
+		rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB), []byte(*p.CookieSecret))
 		if err != nil {
 			panic(err)
 		}
 		rs.Options.Domain = *p.CookieDomain
+		log.Info("using redis session backend")
 		store = rs
 	} else {
 		cs := sessions.NewCookieStore([]byte(*p.CookieSecret))
 		cs.Options.Domain = *p.CookieDomain
+		log.Info("using cookie session backend")
 		store = cs
 	}
 	return store
diff --git a/internal/outpost/proxyv2/proxyv2.go b/internal/outpost/proxyv2/proxyv2.go
index 7469f6c01..18ccdda52 100644
--- a/internal/outpost/proxyv2/proxyv2.go
+++ b/internal/outpost/proxyv2/proxyv2.go
@@ -14,7 +14,6 @@ import (
 	"github.com/pires/go-proxyproto"
 	log "github.com/sirupsen/logrus"
 	"goauthentik.io/api"
-	"goauthentik.io/internal/config"
 	"goauthentik.io/internal/crypto"
 	"goauthentik.io/internal/outpost/ak"
 	"goauthentik.io/internal/outpost/proxyv2/application"
@@ -36,7 +35,7 @@ type ProxyServer struct {
 	akAPI       *ak.APIController
 }
 
-func NewProxyServer(ac *ak.APIController) *ProxyServer {
+func NewProxyServer(ac *ak.APIController, portOffset int) *ProxyServer {
 	l := log.WithField("logger", "authentik.outpost.proxyv2")
 	defaultCert, err := crypto.GenerateSelfSignedCert()
 	if err != nil {
@@ -55,7 +54,7 @@ func NewProxyServer(ac *ak.APIController) *ProxyServer {
 	globalMux.Use(web.NewLoggingHandler(l.WithField("logger", "authentik.outpost.proxyv2.http"), nil))
 	s := &ProxyServer{
 		Listen:     "0.0.0.0:%d",
-		PortOffset: config.G.Web.OutpostPortOffset,
+		PortOffset: portOffset,
 
 		cryptoStore: ak.NewCryptoStore(ac.Client.CryptoApi),
 		apps:        make(map[string]*application.Application),