diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md
index 55f4af392..6ffa79f3e 100644
--- a/controllers/nginx/configuration.md
+++ b/controllers/nginx/configuration.md
@@ -39,6 +39,7 @@ The following annotations are supported:
 |Name                 |type|
 |---------------------------|------|
 |[ingress.kubernetes.io/add-base-url](#rewrite)|true or false|
+|[ingress.kubernetes.io/base-url-scheme](#rewrite)|string|
 |[ingress.kubernetes.io/app-root](#rewrite)|string|
 |[ingress.kubernetes.io/affinity](#session-affinity)|cookie|
 |[ingress.kubernetes.io/auth-realm](#authentication)|string|
@@ -190,6 +191,8 @@ Set the annotation `ingress.kubernetes.io/rewrite-target` to the path expected b
 
 If the application contains relative links it is possible to add an additional annotation `ingress.kubernetes.io/add-base-url` that will prepend a [`base` tag](https://developer.mozilla.org/en/docs/Web/HTML/Element/base) in the header of the returned HTML from the backend.
 
+If the scheme of [`base` tag](https://developer.mozilla.org/en/docs/Web/HTML/Element/base) need to be specific, set the annotation `ingress.kubernetes.io/base-url-scheme` to the scheme such as `http` and `https`.
+
 If the Application Root is exposed in a different path and needs to be redirected, set the annotation `ingress.kubernetes.io/app-root` to redirect requests for `/`.
 
 Please check the [rewrite](/examples/rewrite/nginx/README.md) example.
diff --git a/controllers/nginx/pkg/template/template.go b/controllers/nginx/pkg/template/template.go
index a5192d396..b7d3dc860 100644
--- a/controllers/nginx/pkg/template/template.go
+++ b/controllers/nginx/pkg/template/template.go
@@ -304,9 +304,15 @@ func buildProxyPass(host string, b interface{}, loc interface{}) string {
 		if location.Rewrite.AddBaseURL {
 			// path has a slash suffix, so that it can be connected with baseuri directly
 			bPath := fmt.Sprintf("%s%s", path, "$baseuri")
-			abu = fmt.Sprintf(`subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host%v">' r;
+			if len(location.Rewrite.BaseURLScheme) > 0 {
+				abu = fmt.Sprintf(`subs_filter '<head(.*)>' '<head$1><base href="%v://$http_host%v">' r;
+	subs_filter '<HEAD(.*)>' '<HEAD$1><base href="%v://$http_host%v">' r;
+	`, location.Rewrite.BaseURLScheme, bPath, location.Rewrite.BaseURLScheme, bPath)
+			} else {
+				abu = fmt.Sprintf(`subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host%v">' r;
 	subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host%v">' r;
 	`, bPath, bPath)
+			}
 		}
 
 		if location.Rewrite.Target == slash {
diff --git a/controllers/nginx/pkg/template/template_test.go b/controllers/nginx/pkg/template/template_test.go
index d3fa2ee6a..824f8feb2 100644
--- a/controllers/nginx/pkg/template/template_test.go
+++ b/controllers/nginx/pkg/template/template_test.go
@@ -34,56 +34,64 @@ import (
 var (
 	// TODO: add tests for secure endpoints
 	tmplFuncTestcases = map[string]struct {
-		Path       string
-		Target     string
-		Location   string
-		ProxyPass  string
-		AddBaseURL bool
+		Path          string
+		Target        string
+		Location      string
+		ProxyPass     string
+		AddBaseURL    bool
+		BaseURLScheme string
 	}{
-		"invalid redirect / to /": {"/", "/", "/", "proxy_pass http://upstream-name;", false},
+		"invalid redirect / to /": {"/", "/", "/", "proxy_pass http://upstream-name;", false, ""},
 		"redirect / to /jenkins": {"/", "/jenkins", "~* /",
 			`
 	rewrite /(.*) /jenkins/$1 break;
 	proxy_pass http://upstream-name;
-	`, false},
+	`, false, ""},
 		"redirect /something to /": {"/something", "/", `~* ^/something\/?(?<baseuri>.*)`, `
 	rewrite /something/(.*) /$1 break;
 	rewrite /something / break;
 	proxy_pass http://upstream-name;
-	`, false},
+	`, false, ""},
 		"redirect /end-with-slash/ to /not-root": {"/end-with-slash/", "/not-root", "~* ^/end-with-slash/(?<baseuri>.*)", `
 	rewrite /end-with-slash/(.*) /not-root/$1 break;
 	proxy_pass http://upstream-name;
-	`, false},
+	`, false, ""},
 		"redirect /something-complex to /not-root": {"/something-complex", "/not-root", `~* ^/something-complex\/?(?<baseuri>.*)`, `
 	rewrite /something-complex/(.*) /not-root/$1 break;
 	proxy_pass http://upstream-name;
-	`, false},
+	`, false, ""},
 		"redirect / to /jenkins and rewrite": {"/", "/jenkins", "~* /", `
 	rewrite /(.*) /jenkins/$1 break;
 	proxy_pass http://upstream-name;
 	subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/$baseuri">' r;
 	subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/$baseuri">' r;
-	`, true},
+	`, true, ""},
 		"redirect /something to / and rewrite": {"/something", "/", `~* ^/something\/?(?<baseuri>.*)`, `
 	rewrite /something/(.*) /$1 break;
 	rewrite /something / break;
 	proxy_pass http://upstream-name;
 	subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/something/$baseuri">' r;
 	subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/something/$baseuri">' r;
-	`, true},
+	`, true, ""},
 		"redirect /end-with-slash/ to /not-root and rewrite": {"/end-with-slash/", "/not-root", `~* ^/end-with-slash/(?<baseuri>.*)`, `
 	rewrite /end-with-slash/(.*) /not-root/$1 break;
 	proxy_pass http://upstream-name;
 	subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/end-with-slash/$baseuri">' r;
 	subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/end-with-slash/$baseuri">' r;
-	`, true},
+	`, true, ""},
 		"redirect /something-complex to /not-root and rewrite": {"/something-complex", "/not-root", `~* ^/something-complex\/?(?<baseuri>.*)`, `
 	rewrite /something-complex/(.*) /not-root/$1 break;
 	proxy_pass http://upstream-name;
 	subs_filter '<head(.*)>' '<head$1><base href="$scheme://$http_host/something-complex/$baseuri">' r;
 	subs_filter '<HEAD(.*)>' '<HEAD$1><base href="$scheme://$http_host/something-complex/$baseuri">' r;
-	`, true},
+	`, true, ""},
+		"redirect /something to / and rewrite with specific scheme": {"/something", "/", `~* ^/something\/?(?<baseuri>.*)`, `
+	rewrite /something/(.*) /$1 break;
+	rewrite /something / break;
+	proxy_pass http://upstream-name;
+	subs_filter '<head(.*)>' '<head$1><base href="http://$http_host/something/$baseuri">' r;
+	subs_filter '<HEAD(.*)>' '<HEAD$1><base href="http://$http_host/something/$baseuri">' r;
+	`, true, "http"},
 	}
 )
 
@@ -124,7 +132,7 @@ func TestBuildProxyPass(t *testing.T) {
 	for k, tc := range tmplFuncTestcases {
 		loc := &ingress.Location{
 			Path:    tc.Path,
-			Rewrite: rewrite.Redirect{Target: tc.Target, AddBaseURL: tc.AddBaseURL},
+			Rewrite: rewrite.Redirect{Target: tc.Target, AddBaseURL: tc.AddBaseURL, BaseURLScheme: tc.BaseURLScheme},
 			Backend: "upstream-name",
 		}
 
diff --git a/core/pkg/ingress/annotations/rewrite/main.go b/core/pkg/ingress/annotations/rewrite/main.go
index 52cb984fd..32cc421ae 100644
--- a/core/pkg/ingress/annotations/rewrite/main.go
+++ b/core/pkg/ingress/annotations/rewrite/main.go
@@ -26,6 +26,7 @@ import (
 const (
 	rewriteTo        = "ingress.kubernetes.io/rewrite-target"
 	addBaseURL       = "ingress.kubernetes.io/add-base-url"
+	baseURLScheme    = "ingress.kubernetes.io/base-url-scheme"
 	sslRedirect      = "ingress.kubernetes.io/ssl-redirect"
 	forceSSLRedirect = "ingress.kubernetes.io/force-ssl-redirect"
 	appRoot          = "ingress.kubernetes.io/app-root"
@@ -38,6 +39,8 @@ type Redirect struct {
 	// AddBaseURL indicates if is required to add a base tag in the head
 	// of the responses from the upstream servers
 	AddBaseURL bool `json:"addBaseUrl"`
+	// BaseURLScheme override for the scheme passed to the base tag
+	BaseURLScheme string `json:"baseUrlScheme"`
 	// SSLRedirect indicates if the location section is accessible SSL only
 	SSLRedirect bool `json:"sslRedirect"`
 	// ForceSSLRedirect indicates if the location section is accessible SSL only
@@ -60,6 +63,9 @@ func (r1 *Redirect) Equal(r2 *Redirect) bool {
 	if r1.AddBaseURL != r2.AddBaseURL {
 		return false
 	}
+	if r1.BaseURLScheme != r2.BaseURLScheme {
+		return false
+	}
 	if r1.SSLRedirect != r2.SSLRedirect {
 		return false
 	}
@@ -95,10 +101,12 @@ func (a rewrite) Parse(ing *extensions.Ingress) (interface{}, error) {
 		fSslRe = a.backendResolver.GetDefaultBackend().ForceSSLRedirect
 	}
 	abu, _ := parser.GetBoolAnnotation(addBaseURL, ing)
+	bus, _ := parser.GetStringAnnotation(baseURLScheme, ing)
 	ar, _ := parser.GetStringAnnotation(appRoot, ing)
 	return &Redirect{
 		Target:           rt,
 		AddBaseURL:       abu,
+		BaseURLScheme:    bus,
 		SSLRedirect:      sslRe,
 		ForceSSLRedirect: fSslRe,
 		AppRoot:          ar,
diff --git a/examples/rewrite/nginx/README.md b/examples/rewrite/nginx/README.md
index f934eb616..b3e50a88d 100644
--- a/examples/rewrite/nginx/README.md
+++ b/examples/rewrite/nginx/README.md
@@ -16,6 +16,7 @@ Rewriting can be controlled using the following annotations:
 | --- | --- | --- |
 |ingress.kubernetes.io/rewrite-target|Target URI where the traffic must be redirected|string|
 |ingress.kubernetes.io/add-base-url|indicates if is required to add a base tag in the head of the responses from the upstream servers|bool|
+|ingress.kubernetes.io/base-url-scheme|Override for the scheme passed to the base tag|string|
 |ingress.kubernetes.io/ssl-redirect|Indicates if the location section is accessible SSL only (defaults to True when Ingress contains a Certificate)|bool|
 |ingress.kubernetes.io/force-ssl-redirect|Forces the redirection to HTTPS even if the Ingress is not TLS Enabled|bool|
 |ingress.kubernetes.io/app-root|Defines the Application Root that the Controller must redirect if it's not in '/' context|string|