diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 002e9a5690..16d92f5943 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -521,6 +521,7 @@ zookeeper_quorum_port: "3888"
 
 zun_api_port: "9517"
 zun_wsproxy_port: "6784"
+zun_wsproxy_protocol: "{{ 'wss' if kolla_enable_tls_external | bool else 'ws' }}"
 zun_cni_daemon_port: "9036"
 
 vitrage_api_port: "8999"
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index 4600a48229..491b821c07 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -118,7 +118,7 @@ host_shared_with_nova = {{ inventory_hostname in groups['compute'] and enable_no
 [websocket_proxy]
 wsproxy_host = {{ api_interface_address }}
 wsproxy_port = {{ zun_wsproxy_port }}
-base_url = ws://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ zun_wsproxy_port }}
+base_url = {{ zun_wsproxy_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ zun_wsproxy_port }}
 
 [docker]
 api_url = tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
diff --git a/releasenotes/notes/bug-1957117-7832104d66a91da7.yaml b/releasenotes/notes/bug-1957117-7832104d66a91da7.yaml
new file mode 100644
index 0000000000..5d0dfd8bf6
--- /dev/null
+++ b/releasenotes/notes/bug-1957117-7832104d66a91da7.yaml
@@ -0,0 +1,11 @@
+---
+fixes:
+  - |
+    Fixes unable to connect to zun console when
+    ``kolla_enable_tls_external`` is true.
+    Access to console of any zun container fails when
+    ``kolla_enable_tls_external`` is true.
+    This fix sets the protocol for wsproxy ``base_url``
+    in ``zun.conf`` according to the value of
+    ``kolla_enable_tls_external``
+    `LP#1957117 <https://launchpad.net/bugs/1957117>`__