This is because your application isn’t trusting the reverse proxy’s headers overriding the scheme (the X-Forwarded-Proto header that’s passed when it handles a TLS request).
There’s a few ways we can fix that:
-
If you’re running the application straight from
uvicornserver, try using the flag--forwarded-allow-ips '*'. -
If you’re running
gunicornyou can set as well the flag--forwarded-allow-ips="*". -
In either application, you can additionally use the
FORWARDED_ALLOW_IPSenvironment variable.
Important: the * should be used only as a test, as it’ll lead your application to trust the X-Forwarded-* headers from any source. I suggest you read uvicorn’s docs and gunicorn’s docs for a deeper knowledge of what to set in this flag and why.