diff --git a/defaults/main.yml b/defaults/main.yml
index 1e1c609c..247c97cc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -164,6 +164,10 @@ nova_console_ssl_dir: "/etc/nova/ssl"
 nova_console_ssl_cert: "{{ nova_console_ssl_dir }}/nova-console.pem"
 nova_console_ssl_key: "{{ nova_console_ssl_dir }}/nova-console.key"
 
+# External SSL forwarding proto
+nova_ssl_external: true
+nova_secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO
+
 ## Nova global config
 nova_cpu_mode: host-model
 nova_linuxnet_interface_driver: nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
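Review bot: `nova_ssl_external: true` as the default makes every deployment render `secure_proxy_ssl_header`, including ones where nova-api is reachable without a TLS-terminating proxy in front of it. In that layout the `X-Forwarded-Proto` value comes straight from the client, so the request scheme nova derives from it is caller-controlled. Consider defaulting to `false`, or keep `true` and say so in the comment, e.g. `# Enable only when a TLS-terminating proxy in front of nova-api sets and overwrites X-Forwarded-Proto; nova trusts this header for the request scheme.` The same assumption applies where the variable is consumed, in the first hunk of templates/nova.conf.j2.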
diff --git a/templates/nova.conf.j2 b/templates/nova.conf.j2
index 2c558667..d083117a 100644
--- a/templates/nova.conf.j2
+++ b/templates/nova.conf.j2
@@ -13,6 +13,10 @@ state_path = {{ nova_system_home_folder }}
 rootwrap_config = /etc/nova/rootwrap.conf
 service_down_time = 120
 
+{% if nova_ssl_external | bool %}
+secure_proxy_ssl_header = {{ nova_secure_proxy_ssl_header }}
+{% endif %}
+
 # Quota
 quota_cores = {{ nova_quota_cores }}
 quota_fixed_ips = {{ nova_quota_fixed_ips }}
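Review bot: The new conditional block is the only stanza in this part of the template without a heading comment, so the rendered nova.conf gives an operator no hint that a forwarded header is being trusted. A line such as `# Scheme header set by the TLS-terminating proxy (trusted as-is)` above `secure_proxy_ssl_header` would match the `# Quota` style used just below. The guard also tests only `nova_ssl_external`, so an override that empties `nova_secure_proxy_ssl_header` would render an option with no value; `{% if nova_ssl_external | bool and nova_secure_proxy_ssl_header %}` avoids that.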
@@ -172,6 +176,7 @@ user_domain_name = {{ neutron_service_domain_name |default("Default") }}
 project_domain_name = {{ neutron_service_domain_name |default("Default") }}
 # Keystone client plugin authentication URL option
 auth_url = {{ keystone_service_adminurl }}
+insecure = {{ keystone_service_adminuri_insecure | bool }}
 metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
 service_metadata_proxy = {{ nova_metadata_proxy_enabled }}