diff --git a/lib/DeployActions/DockerActions.php b/lib/DeployActions/DockerActions.php
index 068a4469..8300f7fd 100644
--- a/lib/DeployActions/DockerActions.php
+++ b/lib/DeployActions/DockerActions.php
@@ -527,7 +527,8 @@ public function resolveExAppUrl(
 } else {
 $exAppHost = $appId;
 }
- if (isset($deployConfig['haproxy_password']) && $deployConfig['haproxy_password'] !== '') {
+ if ($protocol == 'https' && isset($deployConfig['haproxy_password']) && $deployConfig['haproxy_password'] !== '') {
+ // we only set haproxy auth for remote installations, when all requests come through HaProxy.
 $auth = [self::APP_API_HAPROXY_USER, $deployConfig['haproxy_password']];
 }
 return sprintf('%s://%s:%s', $protocol, $exAppHost, $port);
diff --git a/lib/Service/AppAPIService.php b/lib/Service/AppAPIService.php
index 4dc16261..84e3bf0e 100644
--- a/lib/Service/AppAPIService.php
+++ b/lib/Service/AppAPIService.php
@@ -172,6 +172,7 @@ private function prepareRequestToExApp(
 $options['http_errors'] = false; // do not throw exceptions on 4xx and 5xx responses
 if (!empty($auth)) {
 $options['auth'] = $auth;
+ $options['headers'] = $this->swapAuthorizationHeader($options['headers']);
 }
 if (!isset($options['timeout'])) {
 $options['timeout'] = 3;
@@ -221,6 +222,7 @@ private function prepareRequestToExApp2(
 $options['http_errors'] = false; // do not throw exceptions on 4xx and 5xx responses
 if (!empty($auth)) {
 $options['auth'] = $auth;
+ $options['headers'] = $this->swapAuthorizationHeader($options['headers']);
 }
 if (!isset($options['timeout'])) {
 $options['timeout'] = 3;
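Review bot: In resolveExAppUrl the new guard `$protocol == 'https'` uses a loose, case-sensitive string comparison to stand in for "remote install behind HaProxy". A deploy config that has a `haproxy_password` but whose protocol is `http`, or is spelled `HTTPS`, now silently gets no proxy credentials. Prefer `if ($protocol === 'https' && isset($deployConfig['haproxy_password']) && ...)`, and if `http` with a configured password is a misconfiguration, log it rather than dropping the credentials quietly. How `$protocol` and `$auth` are initialised is outside the hunk, so confirm `$auth` cannot keep a value set earlier in the function when this branch is skipped.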
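Review bot: `$options['headers']` is read unconditionally by the line added inside `if (!empty($auth))` in prepareRequestToExApp, and the same line is added in prepareRequestToExApp2. If a caller supplies options without a `headers` key, `swapAuthorizationHeader(array $headers)` receives null and throws a TypeError, so the request fails before it is sent. Whether `headers` is always populated earlier in these two functions is outside the hunks; if it is not guaranteed, use `$options['headers'] = $this->swapAuthorizationHeader($options['headers'] ?? []);` in both places.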
@@ -237,6 +239,24 @@ private function prepareRequestToExApp2(
 return ['url' => $url, 'options' => $options];
 }
+ /**
+ * This is required for AppAPI Docker Socket Proxy, as the Basic Auth is already in use by HaProxy,
+ * and the incoming request's Authorization is replaced with X-Original-Authorization header
+ * after HaProxy authenticated.
+ *
+ * @since AppAPI 3.0.0
+ */
+
+ private function swapAuthorizationHeader(array $headers): array {
+ foreach ($headers as $key => $value) {
+ if (strtoupper($key) === 'AUTHORIZATION') {
+ $headers['X-Original-Authorization'] = $value;
+ break;
+ }
+ }
+ return $headers;
+ }
+
 private function getUriEncodedParams(array $params): string {
 $paramsContent = '';
 foreach ($params as $key => $value) {
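Review bot: swapAuthorizationHeader copies rather than swaps: the original `Authorization` entry stays in `$headers`, and an `X-Original-Authorization` entry already present in the input (in any casing) is forwarded untouched when no `Authorization` key is found. If these headers can originate from an incoming client request, as the docblock suggests, a client-supplied `X-Original-Authorization` could reach the proxy as though AppAPI had set it. The helper should drop any inbound copy and remove the original `Authorization` key itself, rather than relying on the HTTP client's `auth` option to overwrite it. The blank line between the docblock and the method also detaches the comment from the function for documentation tooling.

```php
	private function swapAuthorizationHeader(array $headers): array {
		$original = null;
		foreach ($headers as $key => $value) {
			$name = strtolower((string)$key);
			if ($name === 'authorization') {
				// keep the first match, as before, but take it out of the outgoing set
				$original ??= $value;
				unset($headers[$key]);
			} elseif ($name === 'x-original-authorization') {
				// only this helper may set the header the proxy restores from
				unset($headers[$key]);
			}
		}
		if ($original !== null) {
			$headers['X-Original-Authorization'] = $original;
		}
		return $headers;
	}
```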