diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml
index 15c16f6d..7a5f810b 100644
--- a/charts/nextcloud/Chart.yaml
+++ b/charts/nextcloud/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: nextcloud
-version: 8.7.0
+version: 8.7.1
 # renovate: image=docker.io/library/nextcloud
 appVersion: 32.0.3
 description: A file sharing server that puts the control and security of your own data back into your hands.
diff --git a/charts/nextcloud/files/nginx.config.tpl b/charts/nextcloud/files/nginx.config.tpl
index 768c4c2f..89009ca4 100644
--- a/charts/nextcloud/files/nginx.config.tpl
+++ b/charts/nextcloud/files/nginx.config.tpl
@@ -4,6 +4,16 @@ upstream php-handler {
     server 127.0.0.1:9000;
 }
 
+map $http_x_forwarded_proto $real_scheme {
+	default $scheme;
+	https https;
+}
+
+map $http_x_forwarded_port $real_port {
+	default $server_port;
+	443     443;
+}
+
 # Set the `immutable` cache control options only for assets with a cache busting `v` argument
 map $arg_v $asset_immutable {
     "" "";
@@ -87,7 +97,7 @@ server {
     # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
     location = / {
         if ( $http_user_agent ~ ^DavClnt ) {
-            return 302 /remote.php/webdav/$is_args$args;
+            return 302 $real_scheme://$host:$real_port/remote.php/webdav/$is_args$args;
         }
     }
 
@@ -104,12 +114,12 @@ server {
     location ^~ /.well-known {
         # The following 6 rules are borrowed from `.htaccess`
 
-        location = /.well-known/carddav     { return 301 /remote.php/dav/; }
-        location = /.well-known/caldav      { return 301 /remote.php/dav/; }
+        location = /.well-known/carddav     { return 301 $real_scheme://$host:$real_port/remote.php/dav/; }
+        location = /.well-known/caldav      { return 301 $real_scheme://$host:$real_port/remote.php/dav/; }
 
         # Let Nextcloud's API for `/.well-known` URIs handle all other
         # requests by passing them to the front-end controller.
-        return 301 /index.php$request_uri;
+        return 301 $real_scheme://$host:$real_port/index.php$request_uri;
     }
 
     # Rules borrowed from `.htaccess` to hide certain paths from clients
@@ -158,7 +168,7 @@ server {
 
     # Rule borrowed from `.htaccess`
     location /remote {
-        return 301 /remote.php$request_uri;
+        return 301 $real_scheme://$host:$real_port/remote.php$request_uri;
     }
 
     location / {