diff --git a/manifests/profile/base/nova/ec2api.pp b/manifests/profile/base/nova/ec2api.pp index 1831c92ad..5a45d78bb 100644 --- a/manifests/profile/base/nova/ec2api.pp +++ b/manifests/profile/base/nova/ec2api.pp @@ -112,11 +112,12 @@ class tripleo::profile::base::nova::ec2api ( $ec2_api_tls_keyfile = $certificates_specs["httpd-${ec2_api_network}"]['service_key'] ::tripleo::tls_proxy { 'ec2-api': - servername => $ec2_api_tls_proxy_fqdn, - ip => $ec2_api_tls_proxy_bind_ip, - port => $ec2_api_tls_proxy_port, - tls_cert => $ec2_api_tls_certfile, - tls_key => $ec2_api_tls_keyfile, + servername => $ec2_api_tls_proxy_fqdn, + ip => $ec2_api_tls_proxy_bind_ip, + port => $ec2_api_tls_proxy_port, + tls_cert => $ec2_api_tls_certfile, + tls_key => $ec2_api_tls_keyfile, + preserve_host => true, } Tripleo::Tls_proxy['ec2-api'] ~> Anchor<| title == 'ec2api::service::begin' |> diff --git a/manifests/tls_proxy.pp b/manifests/tls_proxy.pp index 34cc731c4..344adbd61 100644 --- a/manifests/tls_proxy.pp +++ b/manifests/tls_proxy.pp 
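Review bot: `preserve_host => true` in the `::tripleo::tls_proxy { 'ec2-api': }` resource of ec2api.pp is hard-coded, and no comment explains why this one service needs it. With ProxyPreserveHost enabled, the Host header chosen by the client is forwarded unchanged to the ec2-api backend instead of being replaced by the proxy target, so the backend must treat it as untrusted input (for example when building absolute URLs or redirects). I would add a comment above the line such as `# ec2-api needs the original Host header; the value is client-controlled and must not be trusted by the backend`. Consider also exposing it as a class parameter so operators can turn it off. The class body starts and ends outside this hunk.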
@@ -33,26 +33,33 @@ # [*tls_key*] # The path to the key used for the specified certificate. # +# [*preserve_host*] +# (Optional) Whether the Host header is perserved in proxied requests. +# See the Apache ProxyPreserveHost directive docs. +# Defaults to false + define tripleo::tls_proxy( $ip, $port, $servername, $tls_cert, $tls_key, + $preserve_host = false ) { include ::apache ::apache::vhost { "${title}-proxy": - ensure => 'present', - docroot => false, # This is required by the manifest - manage_docroot => false, - servername => $servername, - ip => $ip, - port => $port, - ssl => true, - ssl_cert => $tls_cert, - ssl_key => $tls_key, - request_headers => ['set X-Forwarded-Proto "https"'], - proxy_pass => { + ensure => 'present', + docroot => false, # This is required by the manifest + manage_docroot => false, + servername => $servername, + ip => $ip, + port => $port, + ssl => true, + ssl_cert => $tls_cert, + ssl_key => $tls_key, + request_headers => ['set X-Forwarded-Proto "https"'], + proxy_preserve_host => $preserve_host, + proxy_pass => { path => '/', url => "http://localhost:${port}/", params => {retry => '10'},
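Review bot: The new `[*preserve_host*]` doc block in tls_proxy.pp misspells "perserved" and does not say what enabling the option means for the proxied service. I would write it as `#   (Optional) Whether the Host header is preserved in proxied requests.` and add one sentence stating that the forwarded Host value is client-supplied, so the backend must not rely on it for trust decisions. Separately, `$preserve_host = false` is passed straight to `proxy_preserve_host` with no type check, so a string such as 'false' (truthy in Puppet) could presumably turn the directive on. If the supported Puppet version allows it, `Boolean $preserve_host = false,` would reject that. The define's body continues past the end of the hunk.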