diff --git a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
index aa52f335..2a568bd3 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
@@ -2,6 +2,9 @@ set $test "";
 if ($scheme = "http") {
 	set $test "H";
 }
+if ($http_x_forwarded_proto = "https") {
+	set $test "";
+}
 if ($request_uri = /.well-known/acme-challenge/test-challenge) {
 	set $test "${test}T";
 }
diff --git a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
index d346c4ef..7fa1da31 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@@ -1,7 +1,13 @@
 add_header       X-Served-By $host;
 proxy_set_header Host $host;
-proxy_set_header X-Forwarded-Scheme $scheme;
-proxy_set_header X-Forwarded-Proto  $scheme;
+
+set $origin_scheme $scheme;
+if ($http_x_forwarded_proto != "") {
+	set $origin_scheme $http_x_forwarded_proto;
+}
+proxy_set_header X-Forwarded-Scheme $origin_scheme;
+proxy_set_header X-Forwarded-Proto  $origin_scheme;
+
 proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP          $remote_addr;
 proxy_pass       $forward_scheme://$server:$port$request_uri;