diff --git a/ingress/ingress.go b/ingress/ingress.go
index 5e5f9655..801bc551 100644
--- a/ingress/ingress.go
+++ b/ingress/ingress.go
@@ -126,7 +126,7 @@ func parseSingleOriginService(c *cli.Context, allowURLFromArgs bool) (OriginServ
 		if err != nil {
 			return nil, errors.Wrap(err, "Error validating --unix-socket")
 		}
-		return &unixSocketPath{path: path}, nil
+		return &unixSocketPath{path: path, scheme: "http"}, nil
 	}
 	u, err := url.Parse("http://localhost:8080")
 	return &httpService{url: u}, err
@@ -169,7 +169,10 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq
 		if prefix := "unix:"; strings.HasPrefix(r.Service, prefix) {
 			// No validation necessary for unix socket filepath services
 			path := strings.TrimPrefix(r.Service, prefix)
-			service = &unixSocketPath{path: path}
+			service = &unixSocketPath{path: path, scheme: "http"}
+		} else if prefix := "unix+tls:"; strings.HasPrefix(r.Service, prefix) {
+			path := strings.TrimPrefix(r.Service, prefix)
+			service = &unixSocketPath{path: path, scheme: "https"}
 		} else if prefix := "http_status:"; strings.HasPrefix(r.Service, prefix) {
 			status, err := strconv.Atoi(strings.TrimPrefix(r.Service, prefix))
 			if err != nil {
diff --git a/ingress/ingress_test.go b/ingress/ingress_test.go
index 9d09e8f8..1e999a4e 100644
--- a/ingress/ingress_test.go
+++ b/ingress/ingress_test.go
@@ -26,8 +26,21 @@ ingress:
 `
 	ing, err := ParseIngress(MustReadIngress(rawYAML))
 	require.NoError(t, err)
-	_, ok := ing.Rules[0].Service.(*unixSocketPath)
+	s, ok := ing.Rules[0].Service.(*unixSocketPath)
 	require.True(t, ok)
+	require.Equal(t, "http", s.scheme)
+}
+
+func TestParseUnixSocketTLS(t *testing.T) {
+	rawYAML := `
+ingress:
+- service: unix+tls:/tmp/echo.sock
+`
+	ing, err := ParseIngress(MustReadIngress(rawYAML))
+	require.NoError(t, err)
+	s, ok := ing.Rules[0].Service.(*unixSocketPath)
+	require.True(t, ok)
+	require.Equal(t, "https", s.scheme)
 }
 
 func Test_parseIngress(t *testing.T) {
diff --git a/ingress/origin_proxy.go b/ingress/origin_proxy.go
index 63c10137..e99e002e 100644
--- a/ingress/origin_proxy.go
+++ b/ingress/origin_proxy.go
@@ -23,7 +23,7 @@ type StreamBasedOriginProxy interface {
 }
 
 func (o *unixSocketPath) RoundTrip(req *http.Request) (*http.Response, error) {
-	req.URL.Scheme = "http"
+	req.URL.Scheme = o.scheme
 	return o.transport.RoundTrip(req)
 }
 
diff --git a/ingress/origin_service.go b/ingress/origin_service.go
index 116b77f0..c76c98a4 100644
--- a/ingress/origin_service.go
+++ b/ingress/origin_service.go
@@ -33,9 +33,10 @@ type OriginService interface {
 	start(log *zerolog.Logger, shutdownC <-chan struct{}, cfg OriginRequestConfig) error
 }
 
-// unixSocketPath is an OriginService representing a unix socket (which accepts HTTP)
+// unixSocketPath is an OriginService representing a unix socket (which accepts HTTP or HTTPS)
 type unixSocketPath struct {
 	path      string
+	scheme    string
 	transport *http.Transport
 }