diff --git a/images/bounca/Dockerfile b/images/bounca/Dockerfile
index a4a0148..dfe0253 100644
--- a/images/bounca/Dockerfile
+++ b/images/bounca/Dockerfile
@@ -10,12 +10,11 @@ RUN set -euxo pipefail &&\
       curl \
       ca-certificates \
       rdfind \
+      git \
     &&\
-    curl -sSLo bounca.tar.gz https://github.com/repleo/bounca/releases/download/v${BOUNCA_VERSION}/bounca.tar.gz &&\
     python3 -m venv venv &&\
     source /opt/venv/bin/activate &&\
-    tar xvzf bounca.tar.gz &&\
-    rm -f bounca.tar.gz &&\
+    git clone --depth=1 --branch=release/${BOUNCA_VERSION} https://gitlab.com/bounca/bounca.git &&\
     cd bounca &&\
     pip --no-cache-dir install -r requirements.txt &&\
     pip --no-cache-dir install \
diff --git a/images/bounca/root/opt/bounca/bounca/docker_settings.py b/images/bounca/root/opt/bounca/bounca/docker_settings.py
index 9fad921..f5c6179 100644
--- a/images/bounca/root/opt/bounca/bounca/docker_settings.py
+++ b/images/bounca/root/opt/bounca/bounca/docker_settings.py
@@ -32,3 +32,4 @@ CSRF_TRUSTED_ORIGINS = [
   "http://localhost:%d" % (os.environ.get('BOUNCA_BIND_ADDR').split(':'))[1],
   "https://%s" % os.environ.get('BOUNCA_HOST')
 ]
+
diff --git a/templates/docker_settings.py.tpl b/templates/docker_settings.py.tpl
index 088ba76..7776345 100644
--- a/templates/docker_settings.py.tpl
+++ b/templates/docker_settings.py.tpl
@@ -34,3 +34,4 @@ CSRF_TRUSTED_ORIGINS = [
 
 
 [[ .bounca.django_custom_settings ]]
+
diff --git a/variables.yml b/variables.yml
index c1f5abe..a029520 100644
--- a/variables.yml
+++ b/variables.yml
@@ -6,13 +6,14 @@ bounca:
   instance: bounca
 
   # The image to use
-  image: danielberteaud/bounca:0.4.4-2
+  image: danielberteaud/bounca:0.4.4-5
 
   # Env variable to pass to the container
   env:
     BOUNCA_DB_USER: '{{ with secret "[[ .vault.prefix ]]/database/creds/[[ .bounca.instance ]]" }}{{ .Data.username }}{{ end }}'
     BOUNCA_DB_PASSWORD: '{{ with secret "[[ .vault.prefix ]]/database/creds/[[ .bounca.instance ]]" }}{{ .Data.password }}{{ end }}'
     BOUNCA_DJANGO_SECRET: '{{ with secret "[[ .vault.prefix ]]/kv/service/[[ .bounca.instance ]]" }}{{ .Data.data.django_secret }}{{ end }}'
+    BOUNCA_REMOTE_USER_HEADER: ''
 
   # Public URL where user can reach the app
   public_url: https://pki.example.org