diff --git a/api/api.go b/api/api.go
index b2a0fb0e48..a89a8ed470 100644
--- a/api/api.go
+++ b/api/api.go
@@ -2,6 +2,7 @@ package api
 import (
 "bytes"
+ "crypto/tls"
 "encoding/json"
 "fmt"
 "io/ioutil"
@@ -25,6 +26,7 @@ type context struct {
 eventsHandler *eventsHandler
 debug bool
 version string
+ tlsConfig *tls.Config
 }
 type handler func(c *context, w http.ResponseWriter, r *http.Request)
@@ -218,7 +220,7 @@ func proxyContainerAndForceRefresh(c *context, w http.ResponseWriter, r *http.Re
 return
 }
- if err := proxy(container, w, r); err != nil {
+ if err := proxy(c.tlsConfig, container, w, r); err != nil {
 httpError(w, err.Error(), http.StatusInternalServerError)
 }
@@ -234,7 +236,7 @@ func proxyContainer(c *context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if err := proxy(container, w, r); err != nil {
+ if err := proxy(c.tlsConfig, container, w, r); err != nil {
 httpError(w, err.Error(), http.StatusInternalServerError)
 }
 }
@@ -247,7 +249,7 @@ func proxyHijack(c *context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if err := hijack(container, w, r); err != nil {
+ if err := hijack(c.tlsConfig, container, w, r); err != nil {
 httpError(w, err.Error(), http.StatusInternalServerError)
 }
 }
diff --git a/api/server.go b/api/server.go
index 1d75de68f3..7a3b44f552 100644
--- a/api/server.go
+++ b/api/server.go
@@ -35,6 +35,7 @@ func ListenAndServe(c *cluster.Cluster, s *scheduler.Scheduler, hosts []string,
 scheduler: s,
 version: version,
 eventsHandler: NewEventsHandler(),
+ tlsConfig: tlsConfig,
 }
 c.Events(context.eventsHandler)
 r, err := createRouter(context, enableCors)
diff --git a/api/utils.go b/api/utils.go
index 5c8396432a..6380e0812e 100644
--- a/api/utils.go
+++ b/api/utils.go
@@ -1,6 +1,7 @@
 package api
 import (
+ "crypto/tls"
 "errors"
 "fmt"
 "io"
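Review bot: The new `tlsConfig` field on `context` is undocumented, and nothing at the declaration says what nil means, so a reader has to chase the call sites in utils.go to learn that it drives both the proxy transport and the hijack dial. Suggest `// tlsConfig is applied to outbound connections to nodes (proxy's http.Transport and hijack's dial); nil leaves proxy on the default transport and hijack on a plain TCP dial.` The struct header is outside the hunk (only the tail of the definition is shown).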
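Review bot: The `tlsConfig` stored on the context for outbound connections appears to be the same value `ListenAndServe` receives for the inbound listener — its declaration and use are outside the hunk, so confirm. A server-side config (server certificate, ClientCAs/ClientAuth) is not automatically a valid client-side one: the outbound side needs RootCAs that trust the nodes' certificates and, for mutual TLS, a client certificate in Certificates, and an InsecureSkipVerify set for one direction silently applies to the other. If it is one object serving both roles, either pass a dedicated client config (`&tls.Config{RootCAs: ..., Certificates: ...}`) or document on the field that it is shared. The rest of ListenAndServe lies outside the hunk.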
@@ -33,9 +34,13 @@ func getContainerFromVars(c *context, vars map[string]string) (*cluster.Containe
 return nil, errors.New("Not found")
 }
-func proxy(container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
+func proxy(tlsConfig *tls.Config, container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
 // Use a new client for each request
- client := &http.Client{}
+ client := &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: tlsConfig,
+ },
+ }
 // RequestURI may not be sent to client
 r.RequestURI = ""
@@ -60,7 +65,7 @@ func proxy(container *cluster.Container, w http.ResponseWriter, r *http.Request)
 return nil
 }
-func hijack(container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
+func hijack(tlsConfig *tls.Config, container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
 addr := container.Node().Addr
 if parts := strings.SplitN(container.Node().Addr, "://", 2); len(parts) == 2 {
 addr = parts[1]
@@ -68,7 +73,16 @@ func hijack(container *cluster.Container, w http.ResponseWriter, r *http.Request
 log.Debugf("[HIJACK PROXY] --> %s", addr)
- d, err := net.Dial("tcp", addr)
+ var (
+ d net.Conn
+ err error
+ )
+
+ if tlsConfig != nil {
+ d, err = tls.Dial("tcp", addr, tlsConfig)
+ } else {
+ d, err = net.Dial("tcp", addr)
+ }
 if err != nil {
 return err
 }
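Review bot: Building a fresh `http.Transport` for every request leaks connections: each Transport owns its own idle pool, so the keep-alive connection to the node is parked there after the response and never reused or closed, which becomes a file-descriptor leak under load (the old bare `http.Client{}` went through the shared DefaultTransport and did not have this problem). Minimal fix inside the hunk: `tr := &http.Transport{TLSClientConfig: tlsConfig}` / `defer tr.CloseIdleConnections()` / `client := &http.Client{Transport: tr}`, or set `DisableKeepAlives: true`; the better fix is one Transport built once next to tlsConfig in the context and reused, which also avoids a full TLS handshake per request. There is still no client or handshake timeout on this path, so a hung node holds the handler indefinitely. The rest of proxy's body (request rewrite and response copy) is outside the hunk.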
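Review bot: `hijack` gains a `tlsConfig` parameter but still has no doc comment, so the dial policy it implies is invisible from the signature. Suggest `// hijack takes over the client connection and splices it to the container's node, dialing TLS with tlsConfig when it is non-nil and plain TCP otherwise; the scheme prefix of Node().Addr is stripped before dialing.` The body of hijack continues in the next hunk, and the tail of proxy shown here is context only.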
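Review bot: The TLS decision here is made purely from `tlsConfig != nil`, while the scheme that the previous hunk just split off `Node().Addr` (`parts[0]`) is discarded; `proxy`, by contrast, goes through `http.Client`, which follows the URL scheme. So with a config set, a node registered as `http://…` gets a TLS handshake in hijack and plaintext in proxy, and one registered as `https://…` with no config gets a plain TCP dial here. Pick one policy for both paths — either keep the scheme and dial TLS for `https` (falling back to `tlsConfig != nil` only for scheme-less addresses), as sketched below, or, if a configured tlsConfig is meant to mandate TLS to every node, make proxy reject `http://` node URLs too. While touching this block, `tls.Dial`/`net.Dial` have no deadline, so an unreachable node blocks the hijacked client forever; `tls.DialWithDialer` with a `net.Dialer` timeout fixes that (needs `time` imported; the value is a placeholder). The variable declarations and the `if err != nil` tail stay as in the hunk.
```go
// … unchanged: addr := container.Node().Addr; keep parts[0] as `scheme` where "://" is split off (previous hunk) …
// … unchanged: log.Debugf, var ( d net.Conn; err error ) …
dialer := &net.Dialer{Timeout: 10 * time.Second}
if scheme == "https" || (scheme == "" && tlsConfig != nil) {
	d, err = tls.DialWithDialer(dialer, "tcp", addr, tlsConfig)
} else {
	d, err = dialer.Dial("tcp", addr)
}
```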