diff --git a/assets/runtime/config/nginx/gitlab b/assets/runtime/config/nginx/gitlab
index 6cba103b..f4a4760f 100644
--- a/assets/runtime/config/nginx/gitlab
+++ b/assets/runtime/config/nginx/gitlab
@@ -52,10 +52,15 @@ server {
 
     proxy_http_version 1.1;
 
-    proxy_set_header    Host                $http_host;
+    ## By overwriting Host and clearing X-Forwarded-Host we ensure that
+    ## internal HTTP redirects generated by GitLab always send users to
+    ## YOUR_SERVER_FQDN.
+    proxy_set_header    Host                {{GITLAB_HOST}};
+    proxy_set_header    X-Forwarded-Host    "";
+
     proxy_set_header    X-Real-IP           $remote_addr;
     proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-    proxy_set_header    X-Forwarded-Proto   {{NGINX_X_FORWARDED_PROTO}};
+    proxy_set_header    X-Forwarded-Proto   $scheme;
 
     proxy_pass http://gitlab-workhorse;
   }
diff --git a/assets/runtime/config/nginx/gitlab-ssl b/assets/runtime/config/nginx/gitlab-ssl
index b0730bff..bd6d21b4 100644
--- a/assets/runtime/config/nginx/gitlab-ssl
+++ b/assets/runtime/config/nginx/gitlab-ssl
@@ -98,11 +98,16 @@ server {
 
     proxy_http_version 1.1;
 
-    proxy_set_header    Host                $http_host;
+    ## By overwriting Host and clearing X-Forwarded-Host we ensure that
+    ## internal HTTP redirects generated by GitLab always send users to
+    ## YOUR_SERVER_FQDN.
+    proxy_set_header    Host                {{GITLAB_HOST}};
+    proxy_set_header    X-Forwarded-Host    "";
+
     proxy_set_header    X-Real-IP           $remote_addr;
     proxy_set_header    X-Forwarded-Ssl     on;
     proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-    proxy_set_header    X-Forwarded-Proto   {{NGINX_X_FORWARDED_PROTO}};
+    proxy_set_header    X-Forwarded-Proto   $scheme;
     proxy_pass http://gitlab-workhorse;
   }