diff --git a/acceptance_test.go b/acceptance_test.go
index 361cba68e7d9b049c3291713149c640425e4125b..b195c7ea84b21a4aab5a69804b47203f4879f7b8 100644
--- a/acceptance_test.go
+++ b/acceptance_test.go
@@ -197,18 +197,35 @@ func TestKnownHostWithPortReturns200(t *testing.T) {
 func TestHttpToHttpsRedirectDisabled(t *testing.T) {
 skipUnlessEnabled(t)
- teardown := RunPagesProcess(t, *pagesBinary, listeners, "")
- defer teardown()
- rsp, err := GetRedirectPage(t, httpListener, "group.gitlab-example.com", "project/")
- require.NoError(t, err)
- defer rsp.Body.Close()
- assert.Equal(t, http.StatusOK, rsp.StatusCode)
+ cases := []struct {
+ Listeners []ListenSpec
+ Args string
+ }{
+ {
+ Listeners: listeners,
+ Args: "",
+ },
+ {
+ Listeners: []ListenSpec{httpListener},
+ Args: "-redirect-http=true",
+ },
+ }
- rsp, err = GetPageFromListener(t, httpsListener, "group.gitlab-example.com", "project/")
- require.NoError(t, err)
- defer rsp.Body.Close()
- assert.Equal(t, http.StatusOK, rsp.StatusCode)
+ for _, c := range cases {
+ teardown := RunPagesProcess(t, *pagesBinary, c.Listeners, "", c.Args)
+ defer teardown()
+
+ rsp, err := GetRedirectPage(t, httpListener, "group.gitlab-example.com", "project/")
+ require.NoError(t, err)
+ defer rsp.Body.Close()
+ assert.Equal(t, http.StatusOK, rsp.StatusCode)
+
+ rsp, err = GetPageFromListener(t, httpsListener, "group.gitlab-example.com", "project/")
+ require.NoError(t, err)
+ defer rsp.Body.Close()
+ assert.Equal(t, http.StatusOK, rsp.StatusCode)
+ }
 }
 func TestHttpToHttpsRedirectEnabled(t *testing.T) {
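Review bot: The `defer teardown()` and `defer rsp.Body.Close()` calls inside the new `for _, c := range cases` loop run only when TestHttpToHttpsRedirectDisabled returns, so the process started for the first case is still running, and presumably still bound to its listeners, when the second case starts. The second case lists only `httpListener` yet still requests `httpsListener`, so its assertions can probably pass only against the first process, and the HTTP-only setup with `-redirect-http=true` is likely never exercised. Give each case its own scope by wrapping the loop body in `func() { ... }()` (or a `t.Run` subtest) with the defers inside, and skip the `httpsListener` request when the case has no HTTPS listener. The loops added to TestHttpsOnlyGroupDisabled and TestHttpsOnlyProjectDisabled defer teardown the same way and need the same scoping.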
@@ -242,13 +259,27 @@ func TestHttpsOnlyGroupEnabled(t *testing.T) {
 func TestHttpsOnlyGroupDisabled(t *testing.T) {
 skipUnlessEnabled(t)
- teardown := RunPagesProcess(t, *pagesBinary, listeners, "")
- defer teardown()
- rsp, err := GetPageFromListener(t, httpListener, "group.https-only.gitlab-example.com", "project2/")
- require.NoError(t, err)
- defer rsp.Body.Close()
- assert.Equal(t, http.StatusOK, rsp.StatusCode)
+ cases := []struct {
+ Listeners []ListenSpec
+ }{
+ {
+ Listeners: listeners,
+ },
+ {
+ Listeners: []ListenSpec{httpListener},
+ },
+ }
+
+ for _, c := range cases {
+ teardown := RunPagesProcess(t, *pagesBinary, c.Listeners, "")
+ defer teardown()
+
+ rsp, err := GetPageFromListener(t, httpListener, "group.https-only.gitlab-example.com", "project2/")
+ require.NoError(t, err)
+ defer rsp.Body.Close()
+ assert.Equal(t, http.StatusOK, rsp.StatusCode)
+ }
 }
 func TestHttpsOnlyProjectEnabled(t *testing.T) {
@@ -264,13 +295,27 @@ func TestHttpsOnlyProjectEnabled(t *testing.T) {
 func TestHttpsOnlyProjectDisabled(t *testing.T) {
 skipUnlessEnabled(t)
- teardown := RunPagesProcess(t, *pagesBinary, listeners, "")
- defer teardown()
- rsp, err := GetPageFromListener(t, httpListener, "test2.my-domain.com", "/")
- require.NoError(t, err)
- defer rsp.Body.Close()
- assert.Equal(t, http.StatusOK, rsp.StatusCode)
+ cases := []struct {
+ Listeners []ListenSpec
+ }{
+ {
+ Listeners: listeners,
+ },
+ {
+ Listeners: []ListenSpec{httpListener},
+ },
+ }
+
+ for _, c := range cases {
+ teardown := RunPagesProcess(t, *pagesBinary, c.Listeners, "")
+ defer teardown()
+
+ rsp, err := GetPageFromListener(t, httpListener, "test2.my-domain.com", "/")
+ require.NoError(t, err)
+ defer rsp.Body.Close()
+ assert.Equal(t, http.StatusOK, rsp.StatusCode)
+ }
 }
 func TestHttpsOnlyDomainDisabled(t *testing.T) {
diff --git a/app.go b/app.go
index 0a7a82685b498d903b22f6a1bcd9d149e686e084..741caa9aa745a85e2eadd9f3f7c16a37cb4da23f 100644
--- a/app.go
+++ b/app.go
@@ -92,6 +92,10 @@ func (a *theApp) getHostAndDomain(r *http.Request) (host string, domain *domain.
 return host, a.domain(host)
 }
+func (a *theApp) shouldRedirectDomain(domain *domain.D, r *http.Request) bool {
+ return a.IsHTTPSEnabled() && domain.IsHTTPSOnly(r)
+}
+
 func (a *theApp) tryAuxiliaryHandlers(w http.ResponseWriter, r *http.Request, https bool, host string, domain *domain.D) bool {
 // short circuit content serving to check for a status page
 if r.RequestURI == a.appConfig.StatusPath {
@@ -121,7 +125,7 @@ func (a *theApp) tryAuxiliaryHandlers(w http.ResponseWriter, r *http.Request, ht
 return true
 }
- if !https && domain.IsHTTPSOnly(r) {
+ if !https && a.shouldRedirectDomain(domain, r) {
 a.redirectToHTTPS(w, r, http.StatusMovedPermanently)
 return true
 }
@@ -284,6 +288,10 @@ func (a *theApp) listenAdminHTTPS(wg *sync.WaitGroup) {
 }()
 }
+func (a *theApp) IsHTTPSEnabled() bool {
+ return len(a.appConfig.ListenHTTPS) > 0
+}
+
 func runApp(config appConfig) {
 a := theApp{appConfig: config}
@@ -293,6 +301,11 @@ func runApp(config appConfig) {
 configureLogging(config.LogFormat, config.LogVerbose)
+ if config.RedirectHTTP && len(config.ListenHTTPS) == 0 {
+ log.Warn("No HTTPS listener defined, disabling automatic redirect to HTTPS")
+ config.RedirectHTTP = false
+ }
+
 if err := mimedb.LoadTypes(); err != nil {
 log.WithError(err).Warn("Loading extended MIME database failed")
 }
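Review bot: shouldRedirectDomain makes a domain's HTTPS-only setting a no-op whenever `a.IsHTTPSEnabled()` is false, and nothing on this path records that such a domain is then served over plain HTTP. IsHTTPSEnabled, added further down, looks only at `ListenHTTPS`, so a deployment that gets TLS some other way (for example terminated in front of this process) would lose the redirect as well; the diff does not show whether that setup exists, so it should be confirmed. Both new methods have no doc comment; I would add `// shouldRedirectDomain reports whether a request for an HTTPS-only domain must be redirected; it is false when no HTTPS listener is configured, in which case the domain is served over HTTP.` and a matching line on IsHTTPSEnabled. A startup warning when HTTPS-only enforcement is switched off this way would make the downgrade visible to operators.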
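Review bot: `config.RedirectHTTP = false` is assigned after `a := theApp{appConfig: config}` (visible as context in the previous hunk), and `config` is a by-value parameter, so if theApp stores appConfig by value the app keeps `RedirectHTTP == true` and the warning reports a change that never took effect. HTTP requests would then still be redirected to an HTTPS endpoint that nothing serves. Three lines between the two hunks are not shown, so confirm that nothing there copies config again. Either move the check above the construction of `a` or reset the field the app reads, `a.appConfig.RedirectHTTP = false`; the condition could also call `a.IsHTTPSEnabled()` so the two checks cannot drift apart.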