diff --git a/example/images/unifi/Dockerfile b/example/images/unifi/Dockerfile
index e56f0a0..a32abea 100644
--- a/example/images/unifi/Dockerfile
+++ b/example/images/unifi/Dockerfile
@@ -1,6 +1,6 @@
 FROM danielberteaud/java:17.24.1-10 AS builder
-ARG UNIFI_VERSION=8.0.26
+ARG UNIFI_VERSION=8.0.28
 RUN set -euxo pipefail &&\
 apk --no-cache add curl ca-certificates unzip &&\
diff --git a/example/unifi.nomad.hcl b/example/unifi.nomad.hcl
index 6c8f080..7cab8a8 100644
--- a/example/unifi.nomad.hcl
+++ b/example/unifi.nomad.hcl
@@ -58,7 +58,10 @@ job "unifi" {
 "traefik.http.routers.unifi.entrypoints=https",
 "traefik.http.routers.unifi.rule=Host(`unifi.example.org`)",
 "traefik.http.middlewares.csp-unifi.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
- "traefik.http.routers.unifi.middlewares=security-headers@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-unifi",
+ "traefik.http.middlewares.unifi-inflight.inflightreq.amount=300",
+ "traefik.http.middlewares.unifi-rate-limit.ratelimit.average=100",
+ "traefik.http.middlewares.unifi-rate-limit.ratelimit.burst=200",
+ "traefik.http.routers.unifi.middlewares=security-headers@file,unifi-rate-limit,forward-proto@file,inflight-std@file,unifi-inflight,hsts@file,compression@file,csp-unifi",
 "traefik.enable=true",
@@ -250,7 +253,7 @@ _EOF
 driver = "docker"
 config {
- image = "danielberteaud/unifi:8.0.26-3"
+ image = "danielberteaud/unifi:8.0.28-1"
 volumes = [ "local/init-system.properties.sh:/entrypoint.d/10-init-system.properties.sh" ]
@@ -285,6 +288,7 @@ _EOF
 env {
+ TMPDIR = "/local/tmp"
 }
 # Use a template block instead of env {} so we can fetch values from vault
diff --git a/images/unifi/Dockerfile b/images/unifi/Dockerfile
index fb06c6d..e41b758 100644
--- a/images/unifi/Dockerfile
+++ b/images/unifi/Dockerfile
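Review bot: Neither new middleware in the `@@ -58,7 +58,10 @@` hunk of `example/unifi.nomad.hcl` sets a `sourcecriterion`, so who shares a limit is left to Traefik's defaults: `unifi-rate-limit` buckets by the connection's remote address, while `unifi-inflight` buckets by request host, which makes the 300 in-flight cap a single pool for every client of the router that one busy client can fill. If Traefik is itself reached through another proxy, the rate limit also collapses into one bucket for all users. If per-client limits are intended, add a tag such as `"traefik.http.middlewares.unifi-inflight.inflightreq.sourcecriterion.ipstrategy.depth=<trusted-proxy-hops>",` (and the `ratelimit` equivalent), but only when a trusted proxy chain sits in front, since X-Forwarded-For is otherwise client-supplied. The chain also still lists `inflight-std@file`, whose amount is not visible here; the stricter of the two applies, so confirm that the new 300 actually takes effect.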
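Review bot: `TMPDIR = "/local/tmp"` in the `@@ -285,6 +288,7 @@` hunk names a directory that nothing visible here creates, and the JVM reads `java.io.tmpdir` rather than `TMPDIR`, so the setting only takes effect if the image's entrypoint both creates the directory and passes it on to Java; neither is shown, so this is worth confirming. Where a script creates it, make it private to the task user, e.g. `mkdir -p -m 0700 "$TMPDIR"`. A short comment on the line, such as `# temp files go to the task's local dir, not the image's /tmp`, would record why it is set. The same line is added in `unifi.nomad.hcl` (`@@ -126,6 +126,7 @@`), and in both files the task definition around the `env` block lies outside the hunk.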
@@ -1,6 +1,6 @@ FROM [[ .docker.repo ]][[ .docker.base_images.java17.image ]] AS builder -ARG UNIFI_VERSION=8.0.26 +ARG UNIFI_VERSION=[[ .unifi.controller.version ]] RUN set -euxo pipefail &&\ apk --no-cache add curl ca-certificates unzip &&\ diff --git a/unifi.nomad.hcl b/unifi.nomad.hcl index 780dd85..7012a64 100644 --- a/unifi.nomad.hcl +++ b/unifi.nomad.hcl @@ -126,6 +126,7 @@ _EOF env { [[ template "common/proxy_env" . ]] + TMPDIR = "/local/tmp" } [[ template "common/file_env" $c ]] diff --git a/variables.yml b/variables.yml index 4fd5d4d..190eb16 100644 --- a/variables.yml +++ b/variables.yml @@ -17,8 +17,11 @@ unifi: # The driver to use (docker or podman) driver: docker + # Version of the controller to deploy + version: 8.0.28 + # The image for the controller - image: '[[ .docker.repo ]]unifi:8.0.26-3' + image: '[[ .docker.repo ]]unifi:[[ .unifi.controller.version ]]-1' vault: policies: