diff --git a/defaults/main.yml b/defaults/main.yml
index 63269b50..41b713fd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -291,12 +291,6 @@ nova_vencrypt_ca_certs: "/etc/pki/nova-novncproxy/ca-cert.pem"
 # it is possible to remove the none option from the list
 nova_vencrypt_auth_scheme: "vencrypt,none"
 
-# Set to true when terminating SSL/TLS at a load balancer
-nova_external_ssl: "{{ openstack_external_ssl | default(False) }}"
-
-# External SSL forwarding proto
-nova_secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO
-
 ## Nova global config
 nova_image_cache_manager_interval: 0
 
diff --git a/releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml b/releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml
new file mode 100644
index 00000000..b6456a88
--- /dev/null
+++ b/releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml
@@ -0,0 +1,6 @@
+---
+deprecations:
+  - |
+    Variables ``nova_external_ssl`` and ``nova_secure_proxy_ssl_header``
+    have been removed since secure_proxy_ssl_header option from nova.conf
+    they controlled has been deprecated and has no effect.
diff --git a/templates/nova.conf.j2 b/templates/nova.conf.j2
index 3dd51e3c..cfe276a8 100644
--- a/templates/nova.conf.j2
+++ b/templates/nova.conf.j2
@@ -279,9 +279,7 @@ insecure = {{ keystone_service_adminuri_insecure | bool }}
 
 [wsgi]
 api_paste_config = /etc/nova/api-paste.ini
-{% if nova_external_ssl | bool %}
-secure_proxy_ssl_header = {{ nova_secure_proxy_ssl_header }}
-{% endif %}
+
 
 [api]
 use_forwarded_for = {{ nova_network_services[nova_network_type]['use_forwarded_for'] | bool }}