diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index 3de626d..3519178 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -1,6 +1,13 @@
 # Rate limiting zones (before server block)
 limit_req_zone $binary_remote_addr zone=auth_limit:10m rate=10r/m;
 
+# Use X-Forwarded-Proto from upstream proxy when present, fall back to $scheme for direct access
+map $http_x_forwarded_proto $forwarded_proto {
+    default $scheme;
+    https   https;
+    http    http;
+}
+
 server {
     listen 8080;
     server_name localhost;
@@ -62,7 +69,7 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Proto $forwarded_proto;
         proxy_cache_bypass $http_upgrade;
     }
 
diff --git a/frontend/proxy-params.conf b/frontend/proxy-params.conf
index 8d88715..4b18310 100644
--- a/frontend/proxy-params.conf
+++ b/frontend/proxy-params.conf
@@ -3,4 +3,4 @@ proxy_http_version 1.1;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Proto $forwarded_proto;