diff --git a/Changelog.md b/Changelog.md
index f8b1e782..e9a4ed14 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,6 +1,7 @@
 # Changelog
 **latest**
+- added NGINX_X_FORWARDED_PROTO configuration option
 - optimization: talk directly to the unicorn worker from gitlab-shell
 **7.2.1**
diff --git a/README.md b/README.md
index 6a409cc0..d4fe0728 100644
--- a/README.md
+++ b/README.md
@@ -753,6 +753,7 @@ Below is the complete list of available options that can be used to customize yo
 - **SSL_DHPARAM_PATH**: Location of the dhparam file. Defaults to `/home/git/data/certs/dhparam.pem`
 - **CA_CERTIFICATES_PATH**: List of SSL certificates to trust. Defaults to `/home/git/data/certs/ca.crt`.
 - **NGINX_MAX_UPLOAD_SIZE**: Maximum acceptable upload size. Defaults to `20m`.
+- **NGINX_X_FORWARDED_PROTO**: Advanced configuration option for the `proxy_set_header X-Forwarded-Proto` setting in the gitlab nginx vHost configuration. Defaults to `https` when `GITLAB_HTTPS` is `true`, else defaults to `$scheme`.
 - **REDIS_HOST**: The hostname of the redis server. Defaults to `localhost`
 - **REDIS_PORT**: The connection port of the redis server. Defaults to `6379`.
 - **UNICORN_WORKERS**: The number of unicorn workers to start. Defaults to `2`.
diff --git a/assets/config/nginx/gitlab b/assets/config/nginx/gitlab
index 90f22c92..71ed9e90 100644
--- a/assets/config/nginx/gitlab
+++ b/assets/config/nginx/gitlab
@@ -51,7 +51,7 @@ server {
 proxy_connect_timeout 300; # Some requests take more than 30 seconds.
 proxy_redirect off;
- proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}};
 proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/assets/config/nginx/gitlab.https.permissive b/assets/config/nginx/gitlab.https.permissive
index f54de154..1cbcec7c 100644
--- a/assets/config/nginx/gitlab.https.permissive
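Review bot: Nothing next to the templated `X-Forwarded-Proto` line in assets/config/nginx/gitlab says that the value is now asserted by configuration rather than taken from the connection, and with the `https` default that assets/init applies when GITLAB_HTTPS is true this vhost labels every request as HTTPS. That is presumably intended for deployments where TLS ends at a proxy in front of the container, but it is only accurate if that proxy is the sole path to this listener. I would add a comment above the line, e.g. `# Value comes from NGINX_X_FORWARDED_PROTO; a fixed "https" is only correct when this port is reachable solely through the TLS-terminating proxy.` The enclosing block starts and ends outside the hunk.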
+++ b/assets/config/nginx/gitlab.https.permissive
@@ -91,7 +91,7 @@ server {
 proxy_connect_timeout 300; # Some requests take more than 30 seconds.
 proxy_redirect off;
- proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}};
 proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -183,7 +183,7 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-Ssl on;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}};
 proxy_set_header X-Frame-Options SAMEORIGIN;
 proxy_pass http://gitlab;
diff --git a/assets/config/nginx/gitlab.https.strict b/assets/config/nginx/gitlab.https.strict
index f83057f2..887b3a9c 100644
--- a/assets/config/nginx/gitlab.https.strict
+++ b/assets/config/nginx/gitlab.https.strict
@@ -143,7 +143,7 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-Ssl on;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}};
 proxy_set_header X-Frame-Options SAMEORIGIN;
 proxy_pass http://gitlab;
diff --git a/assets/init b/assets/init
index 7e6481f5..afdf4353 100755
--- a/assets/init
+++ b/assets/init
@@ -132,9 +132,11 @@ esac
 case "${GITLAB_HTTPS}" in
 true)
 GITLAB_PORT=${GITLAB_PORT:-443}
+ NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-https}
 ;;
 *)
 GITLAB_PORT=${GITLAB_PORT:-80}
+ NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-\$scheme}
 ;;
 esac
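Review bot: In gitlab.https.permissive the `@@ -91,7` hunk has no `X-Forwarded-Ssl on` in its context, unlike the `@@ -183,7` hunk, so it looks like the plain-HTTP server block; with the `https` default from assets/init, cleartext requests through that block would be reported to GitLab as HTTPS. Keeping `proxy_set_header X-Forwarded-Proto $scheme;` there preserves the real scheme of each request. The `@@ -183,7` hunk and the gitlab.https.strict hunk already hard-code `X-Forwarded-Ssl on`, so an override there can only produce contradictory headers, and `$scheme` could stay in those blocks as well. All three blocks begin and end outside their hunks.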
@@ -454,6 +456,7 @@ sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i /etc/nginx/site
 sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
 sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
 sed 's/{{NGINX_MAX_UPLOAD_SIZE}}/'"${NGINX_MAX_UPLOAD_SIZE}"'/g' -i /etc/nginx/sites-enabled/gitlab
+sed 's/{{NGINX_X_FORWARDED_PROTO}}/'"${NGINX_X_FORWARDED_PROTO}"'/' -i /etc/nginx/sites-enabled/gitlab
 # configure relative_url_root
 if [ -n "${GITLAB_RELATIVE_URL_ROOT}" ]; then
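Review bot: `${NGINX_X_FORWARDED_PROTO}` is spliced into the sed replacement on the added line unescaped: a `/` in the value ends the expression early, `&` expands to the matched placeholder, and text after a `;` would be written into the vhost as additional nginx directives. The README documents only `https` and `$scheme` as defaults, so the value is presumably always a scheme name or an nginx variable, and init can reject anything else before substituting. For example, `case "${NGINX_X_FORWARDED_PROTO}" in *[!A-Za-z0-9_\$]*) echo "invalid NGINX_X_FORWARDED_PROTO" >&2; exit 1 ;; esac` could follow the `case "${GITLAB_HTTPS}"` block in the earlier assets/init hunk. The surrounding script continues outside this hunk.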