diff --git a/internal/outpost/proxyv2/application/mode_common.go b/internal/outpost/proxyv2/application/mode_common.go
index 8db273f46..c683a0e15 100644
--- a/internal/outpost/proxyv2/application/mode_common.go
+++ b/internal/outpost/proxyv2/application/mode_common.go
@@ -78,8 +78,12 @@ func (a *Application) getTraefikForwardUrl(r *http.Request) (*url.URL, error) {
 func (a *Application) getNginxForwardUrl(r *http.Request) (*url.URL, error) {
 	ou := r.Header.Get("X-Original-URI")
 	if ou != "" {
-		u, _ := url.Parse(r.URL.String())
-		u.Path = ou
+		// Turn this full URL into a relative URL
+		u := &url.URL{
+			Host:   "",
+			Scheme: "",
+			Path:   ou,
+		}
 		a.log.WithField("url", u.String()).Info("building forward URL from X-Original-URI")
 		return u, nil
 	}
diff --git a/internal/outpost/proxyv2/application/mode_forward_nginx_test.go b/internal/outpost/proxyv2/application/mode_forward_nginx_test.go
index 815bd53a2..f25e293f1 100644
--- a/internal/outpost/proxyv2/application/mode_forward_nginx_test.go
+++ b/internal/outpost/proxyv2/application/mode_forward_nginx_test.go
@@ -56,7 +56,7 @@ func TestForwardHandleNginx_Single_URI(t *testing.T) {
 	assert.Equal(t, rr.Code, http.StatusUnauthorized)
 
 	s, _ := a.sessions.Get(req, constants.SeesionName)
-	assert.Equal(t, "https://foo.bar/app", s.Values[constants.SessionRedirect])
+	assert.Equal(t, "/app", s.Values[constants.SessionRedirect])
 }
 
 func TestForwardHandleNginx_Single_Claims(t *testing.T) {