diff --git a/lib/cinder b/lib/cinder
index 22c5168089..bc0c13fb88 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -296,8 +296,7 @@ function configure_cinder {
             # Set the service port for a proxy to take the original
             if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
                 iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
-                iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST
-                iniset $CINDER_CONF DEFAULT osapi_volume_base_URL $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST
+                iniset $CINDER_CONF oslo_middleware enable_proxy_headers_parsing True
             else
                 iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
                 iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
diff --git a/lib/neutron b/lib/neutron
index fdcf0d517e..2ffabd416b 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -242,6 +242,7 @@ function configure_neutron_new {
     if is_service_enabled tls-proxy; then
         # Set the service port for a proxy to take the original
         iniset $NEUTRON_CONF DEFAULT bind_port "$NEUTRON_SERVICE_PORT_INT"
+        iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True
     fi
 
     # Metering
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 784f3a8167..f9e0bd6ded 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -718,6 +718,7 @@ function _configure_neutron_common {
     if is_service_enabled tls-proxy; then
         # Set the service port for a proxy to take the original
         iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT"
+        iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True
     fi
 
     _neutron_setup_rootwrap
diff --git a/lib/nova b/lib/nova
index 1a43404fe4..c641499146 100644
--- a/lib/nova
+++ b/lib/nova
@@ -555,6 +555,7 @@ function create_nova_conf {
 
     if is_service_enabled tls-proxy; then
         iniset $NOVA_CONF DEFAULT glance_protocol https
+        iniset $NOVA_CONF oslo_middleware enable_proxy_headers_parsing True
     fi
 
     if is_service_enabled n-sproxy; then
diff --git a/lib/tls b/lib/tls
index b7ad644f5c..0baf86caa9 100644
--- a/lib/tls
+++ b/lib/tls
@@ -527,6 +527,7 @@ $listen_string
     # for swift functional testing to work with tls enabled. It is 2 bytes
     # larger than the apache default of 8190.
     LimitRequestFieldSize $f_header_size
+    RequestHeader set X-Forwarded-Proto "https"
 
     <Location />
         ProxyPass http://$b_host:$b_port/ retry=0 nocanon
@@ -541,7 +542,7 @@ EOF
     if is_suse ; then
         sudo a2enflag SSL
     fi
-    for mod in ssl proxy proxy_http; do
+    for mod in headers ssl proxy proxy_http; do
         enable_apache_mod $mod
     done
     enable_apache_site $b_service