diff --git a/.github/workflows/deployment-docker-image.yml b/.github/workflows/deployment-docker-image.yml
index 807a5bf39..b2860a9df 100644
--- a/.github/workflows/deployment-docker-image.yml
+++ b/.github/workflows/deployment-docker-image.yml
@@ -149,7 +149,7 @@ jobs:
         with:
           platforms: linux/amd64,linux/arm64
           context: .
-          push: ${{ env.PUSH_IMAGE}}
+          push: ${{ env.PUSH_IMAGE }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           network: host
diff --git a/nginx.conf b/nginx.conf
index 25e571394..dbfeba55a 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -21,7 +21,7 @@ http {
             proxy_set_header Host $http_host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
         }
     }
 }
\ No newline at end of file
diff --git a/packages/auth/providers/oidc/oidc-provider.ts b/packages/auth/providers/oidc/oidc-provider.ts
index 925e7d1dd..406b13871 100644
--- a/packages/auth/providers/oidc/oidc-provider.ts
+++ b/packages/auth/providers/oidc/oidc-provider.ts
@@ -23,7 +23,8 @@ export const OidcProvider = (headers: ReadonlyHeaders | null): OIDCConfig<Profil
   authorization: {
     params: {
       scope: env.AUTH_OIDC_SCOPE_OVERWRITE,
-      redirect_uri: createRedirectUri(headers, "/api/auth/callback/oidc"),
+      // We fallback to https as generally oidc providers require https
+      redirect_uri: createRedirectUri(headers, "/api/auth/callback/oidc", "https"),
     },
   },
   profile(profile) {
diff --git a/packages/auth/redirect.ts b/packages/auth/redirect.ts
index 94ed327a1..c27e6eaeb 100644
--- a/packages/auth/redirect.ts
+++ b/packages/auth/redirect.ts
@@ -8,12 +8,16 @@ import { extractBaseUrlFromHeaders } from "@homarr/common";
  * @param pathname
  * @returns
  */
-export const createRedirectUri = (headers: ReadonlyHeaders | null, pathname: string) => {
+export const createRedirectUri = (
+  headers: ReadonlyHeaders | null,
+  pathname: string,
+  fallbackProtocol: "http" | "https" = "http",
+) => {
   if (!headers) {
     return pathname;
   }
 
-  const baseUrl = extractBaseUrlFromHeaders(headers);
+  const baseUrl = extractBaseUrlFromHeaders(headers, fallbackProtocol);
 
   const path = pathname.startsWith("/") ? pathname : `/${pathname}`;
 
diff --git a/packages/common/src/url.ts b/packages/common/src/url.ts
index aa15066f6..9e974a73e 100644
--- a/packages/common/src/url.ts
+++ b/packages/common/src/url.ts
@@ -4,8 +4,16 @@ export const removeTrailingSlash = (path: string) => {
   return path.at(-1) === "/" ? path.substring(0, path.length - 1) : path;
 };
 
-export const extractBaseUrlFromHeaders = (headers: ReadonlyHeaders): `${string}://${string}` => {
-  let protocol = headers.get("x-forwarded-proto") ?? "http";
+export const extractBaseUrlFromHeaders = (
+  headers: ReadonlyHeaders,
+  fallbackProtocol: "http" | "https" = "http",
+): `${string}://${string}` => {
+  let protocol = headers.get("x-forwarded-proto");
+
+  // If the protocol is not set or an empty string
+  if (!protocol) {
+    protocol = fallbackProtocol;
+  }
 
   // @see https://support.glitch.com/t/x-forwarded-proto-contains-multiple-protocols/17219
   if (protocol.includes(",")) {