diff --git a/roles/bookstack/defaults/main.yml b/roles/bookstack/defaults/main.yml
index 43c43d9..60ad8d5 100644
--- a/roles/bookstack/defaults/main.yml
+++ b/roles/bookstack/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version to deploy
-bookstack_version: 21.08.3
+bookstack_version: 21.08.4
 # URL of the arhive
 bookstack_archive_url: https://github.com/BookStackApp/BookStack/archive/v{{ bookstack_version }}.tar.gz
 # Expected sha1 of the archive
-bookstack_archive_sha1: 1f860b8e91d6664446556c9b14b80a8c413c401e
+bookstack_archive_sha1: 3dd16d716344622ef539278d411808eceabbb301
 
 # Should ansible handle bookstack upgrades or just the inintial install
 bookstack_manage_upgrade: True
@@ -29,7 +29,14 @@ bookstack_web_alias: /bookstack_{{ bookstack_id }}
 
 # You can restrict access to bookstack. If not defined or empty,
 # no restriction will be made
-bookstack_src_ip: []
+bookstack_src_ip: "{{ httpd_ssl_src_ip | default(httpd_src_ip) | default([]) }}"
+
+# List of trusted proxies from which we can trust the X-Forwarded-For header
+# Useful to get real client IP when BookStack is running behind a reverse proxy
+# bookstack_trusted_proxies:
+#   - 10.99.2.10
+# The default value is to use the same as bookstack_src_ip if it's not empty and doesn't contain 0.0.0.0/0
+bookstack_trusted_proxies: "{{ (bookstack_src_ip | length > 0 and '0.0.0.0/0' not in bookstack_src_ip) | ternary(bookstack_src_ip, []) }}"
 
 # MySQL Database
 bookstack_db_server: "{{ mysql_server | default('locaclhost') }}"
diff --git a/roles/bookstack/templates/env.j2 b/roles/bookstack/templates/env.j2
index 93e5272..9fdbdb8 100644
--- a/roles/bookstack/templates/env.j2
+++ b/roles/bookstack/templates/env.j2
@@ -20,6 +20,9 @@ SESSION_SECURE_COOKIE={{ (bookstack_public_url | urlsplit('scheme') == 'https')
 SESSION_COOKIE_NAME=bookstack_{{ bookstack_id }}_session
 SESSION_LIFETIME={{ bookstack_session_lifetime }}
 CACHE_PREFIX=bookstack_{{ bookstack_id }}
+{% if bookstack_trusted_proxies | length > 0 %}
+APP_PROXIES={{ bookstack_trusted_proxies | join(',') }}
+{% endif %}
 {% for key in bookstack_settings.keys() | list %}
 {{ key }}="{{ bookstack_settings[key] }}"
 {% endfor %}
diff --git a/roles/diagrams/defaults/main.yml b/roles/diagrams/defaults/main.yml
index 9de1ed5..80e495a 100644
--- a/roles/diagrams/defaults/main.yml
+++ b/roles/diagrams/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Veresion of diagrams to deploy
-diagrams_version: 15.3.6
+diagrams_version: 15.4.1
 # URL of the WAR file to deploy
 diagrams_war_url: https://github.com/jgraph/drawio/releases/download/v{{ diagrams_version }}/draw.war
 # Expected sha1 of the WAR file
-diagrams_war_sha1: 5d43196a8fa3e65e014d149ad6f75ad8d16c8f99
+diagrams_war_sha1: 6e1a6a059362d8608921bef15a7cc6737de0d179
 # root directory of the installation
 diagrams_root_dir: /opt/diagrams
 # Should ansible manage upgrades, or just initial install ?
diff --git a/roles/seafile/tasks/install.yml b/roles/seafile/tasks/install.yml
index cb189ff..32fde41 100644
--- a/roles/seafile/tasks/install.yml
+++ b/roles/seafile/tasks/install.yml
@@ -280,7 +280,9 @@
 - name: Add a cron job for garbage collector
   cron:
     name: seafile_gc
-    special_time: weekly
+    minute: 10
+    hour: 02
+    weekday: 0
     user: root
     job: '{{ seafile_root_dir }}/seafile-server/gc.sh'
     cron_file: seafile_gc