diff --git a/defaults/main.yml b/defaults/main.yml
index e9ce644142a6375e1269f9a3a0e9237b5c845c28..62343413d6f7f11e4dff14ba0c46b6eb88a95c48 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -46,6 +46,7 @@ nginx_vhosts_defaults:
   hide_proxy_headers: {}
   backend: ~
   disallow_dotfiles: True
+  force_forwarded_ssl_header: False
 
 nginx_streams_defaults:
   listen:
diff --git a/templates/vhost.conf.j2 b/templates/vhost.conf.j2
index 255d316b106290741ed94dca576ae073bfeb15f4..9b968a805f9f7749163ab99459658f9974981bae 100644
--- a/templates/vhost.conf.j2
+++ b/templates/vhost.conf.j2
@@ -53,9 +53,15 @@ server {
 		proxy_set_header Host			{{ location.host|d(vhost.host) }};
 		proxy_set_header X-Real-IP		$remote_addr;
 		proxy_set_header X-Forwarded-For	$proxy_add_x_forwarded_for;
+		{% if not location.force_forwarded_ssl_header|d(vhost.force_forwarded_ssl_header) %}
 		proxy_set_header X-Forwarded-Proto	$scheme;
 		proxy_set_header X-Forwarded-Ssl	$https;
 		proxy_set_header X-Url-Scheme		$scheme;
+		{% else %}
+		proxy_set_header X-Forwarded-Proto	https;
+		proxy_set_header X-Forwarded-Ssl	on;
+		proxy_set_header X-Url-Scheme		https;
+		{% endif %}
 
 		# add custom proxy headers
 		{% for header in vhost.add_proxy_headers if header %}