diff --git a/Dockerfile b/Dockerfile
index 2c3aacba3..20205e718 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@
-FROM golang:1.21.3-alpine3.18 as go-builder
+FROM docker.io/golang:1.24.2-alpine3.21 AS go-builder
+
 WORKDIR /authorizer
 COPY server server
 COPY Makefile .
@@ -11,7 +12,7 @@ RUN apk add build-base &&\
 make clean && make && \
 chmod 777 build/server
 
-FROM node:20-alpine3.18 as node-builder
+FROM node:alpine AS node-builder
 WORKDIR /authorizer
 COPY app app
 COPY dashboard dashboard
@@ -20,7 +21,7 @@ RUN apk add build-base &&\
 make build-app && \
 make build-dashboard
 
-FROM alpine:3.18
+FROM alpine:3.21
 RUN adduser -D -h /authorizer -u 1000 -k /dev/null authorizer
 WORKDIR /authorizer
 RUN mkdir app dashboard
diff --git a/server/resolvers/validate_jwt_token.go b/server/resolvers/validate_jwt_token.go
index 7dbb32fde..69851bd27 100644
--- a/server/resolvers/validate_jwt_token.go
+++ b/server/resolvers/validate_jwt_token.go
@@ -62,7 +62,10 @@ func ValidateJwtTokenResolver(ctx context.Context, params model.ValidateJWTToken
 }
 }
 
- hostname := parsers.GetHost(gc)
+ hostname := gc.Request.Header.Get("X-Forwarded-Host")
+ if hostname == "" {
+ hostname = parsers.GetHost(gc)
+ }
 
 // we cannot validate nonce in case of id_token as that token is not persisted in session store
 if nonce != "" {
diff --git a/server/token/jwt.go b/server/token/jwt.go
index 4e5f0ed93..06aab2c53 100644
--- a/server/token/jwt.go
+++ b/server/token/jwt.go
@@ -2,6 +2,7 @@ package token
 
 import (
 "errors"
+ "fmt"
 
 "github.com/golang-jwt/jwt"
 
@@ -156,7 +157,7 @@ func ValidateJWTTokenWithoutNonce(claims jwt.MapClaims, hostname, subject string
 }
 
 if claims["iss"] != hostname {
- return false, errors.New("invalid issuer")
+ return false, fmt.Errorf("invalid issuer iss[%s] != hostname[%s]", claims["iss"], hostname)
 }
 
 if claims["sub"] != subject {
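Review bot: The node-builder stage now uses the floating tag `node:alpine`, where the removed line pinned both the Node major and the Alpine release, so every build pulls whatever image that tag points to at that moment. That makes the app and dashboard build non-reproducible and lets a new Node major or a changed base image enter the build without review, unlike the golang and alpine stages in this diff, which stay version-pinned. I would pin it the same way, `FROM docker.io/node:<NODE_MAJOR>-alpine3.21 AS node-builder` (placeholder major, ideally followed by `@sha256:<digest>`), and write the explicit `docker.io/` prefix on all three `FROM` lines rather than only the first.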
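Review bot: The value compared against the token's `iss` claim is now read from the `X-Forwarded-Host` request header first, and that header is supplied by the caller unless a fronting proxy strips or overwrites it. On a deployment reachable without such a proxy, the issuer check then compares the token against a value chosen by the request rather than by the server. `parsers.GetHost` is not visible here, so it may already consult forwarded headers, and if it returns a scheme-qualified URL the bare header value would have a different shape from the `iss` it is compared with. I would honour the header only behind an explicit trusted-proxy setting and document that at the lookup, e.g. `// X-Forwarded-Host is caller-supplied unless the fronting proxy overwrites it; trust it only when a trusted proxy is configured`. ValidateJwtTokenResolver begins and ends outside this hunk.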
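Review bot: The new error text embeds both the token's `iss` claim and the server-side `hostname`; the callers are outside this diff, but if this error is returned to the API client it discloses the expected issuer and reflects token content back to the sender. The claim is an untyped map value taken from the token, so it should be formatted with `%q` rather than `%s` so that control characters in it cannot break up a log line. I would keep the returned error as `errors.New("invalid issuer")` and log the mismatch server-side, or at least quote both values: `fmt.Errorf("invalid issuer: iss %q does not match hostname %q", claims["iss"], hostname)`. ValidateJWTTokenWithoutNonce starts and ends outside the hunk.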