diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 0b81dc0..e346eba 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -718,6 +718,22 @@ function drupal_settings_initialize() {
   }
   $is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
 
+  // If Drupal is behind a reverse proxy or load balancer that is communicating
+  // with the end-user over https but with Drupal over http we will generate a
+  // broken $base_url unless we check if $_SERVER['HTTP_X_FORWARDED_PROTO'] is
+  // set to 'https'.
+  // Trusting these headers is a potential security risk so we only do so if
+  // $conf['reverse_proxy'] has been set.
+  if (variable_get('reverse_proxy', 0)) {
+    $reverse_proxy_proto_header = variable_get('reverse_proxy_proto_header', 'HTTP_X_FORWARDED_PROTO');
+    if (isset($_SERVER[$reverse_proxy_proto_header]) && strtolower($_SERVER[$reverse_proxy_proto_header]) == 'https') {
+      $is_https = TRUE;
+      // To ensure that third-party code continues working.
+      // They should however implement support for X-Forwarded-Proto themselves.
+      $_SERVER['HTTPS'] = 'on';
+    }
+  }
+
   if (isset($base_url)) {
     // Parse fixed base URL from settings.php.
     $parts = parse_url($base_url);
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index 580cc38..82b9ee2 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -263,6 +263,9 @@ $drupal_hash_salt = '';
  *
  * It is not allowed to have a trailing slash; Drupal will add it
  * for you.
+ *
+ * If you are using a reverse proxy as a crypto offloader, you must ensure that
+ * this variable is commented.
  */
 # $base_url = 'http://www.example.com';  // NO trailing slash!
 
@@ -400,6 +403,12 @@ ini_set('session.cookie_lifetime', 2000000);
 # $conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP';
 
 /**
+ * Set this value if your proxy server sends the client protocol in a header
+ * other than X-Forwarded-Proto.
+ */
+# $conf['reverse_proxy_proto_header'] = 'HTTP_X_FORWARDED_PROTO';
+
+/**
  * Page caching:
  *
  * By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page