diff --git a/container-images/tripleo_kolla_template_overrides.j2 b/container-images/tripleo_kolla_template_overrides.j2
index 76b3fb277..83cebf36a 100644
--- a/container-images/tripleo_kolla_template_overrides.j2
+++ b/container-images/tripleo_kolla_template_overrides.j2
@@ -93,6 +93,9 @@ RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
 # isn't valid here.
 {% set neutron_dhcp_agent_packages = ['docker', 'podman'] %}
 
+# NOTE(beagles): octavia-api with TLS everywhere needs these packages
+{% set octavia_api_packages_append = ['httpd', 'mod_ssl'] %}
+
 # NOTE (jaosorior): redis with TLS everywhere needs these packages.
 # redis resource-agent requires pidof
 {% set redis_packages_append = ['stunnel', 'sysvinit-tools',
@@ -497,7 +500,10 @@ RUN mkdir -p /openstack && \
 {% endblock %}
 
 {% block octavia_api_footer %}
-RUN mkdir -p /openstack && \
+RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
+    && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf \
+    && echo "if [[ "\$\(whoami\)" == 'root' ]]; then rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*; fi" >> /usr/local/bin/kolla_octavia_extend_start; \
+    mkdir -p /openstack && \
     ln -s /usr/share/openstack-tripleo-common/healthcheck/octavia-api /openstack/healthcheck && \
     chmod a+rx /openstack/healthcheck
 {% endblock %}
diff --git a/releasenotes/notes/octavia-internal-tls-support-f595ed1c3a1f3353.yaml b/releasenotes/notes/octavia-internal-tls-support-f595ed1c3a1f3353.yaml
new file mode 100644
index 000000000..b0226900f
--- /dev/null
+++ b/releasenotes/notes/octavia-internal-tls-support-f595ed1c3a1f3353.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Add missing httpd and mod_ssl packages to octavia container image to
+    support TLS proxy for internal TLS.