diff --git a/middleware/proxy/reverseproxy.go b/middleware/proxy/reverseproxy.go index 90e546670..4b18a822e 100644 --- a/middleware/proxy/reverseproxy.go +++ b/middleware/proxy/reverseproxy.go @@ -12,6 +12,7 @@ package proxy import ( + "crypto/tls" "io" "net" "net/http" @@ -103,6 +104,16 @@ var hopHeaders = []string{ "Upgrade", } +var InsecureTransport http.RoundTripper = &http.Transport{ + Proxy: http.ProxyFromEnvironment, + Dial: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + }).Dial, + TLSHandshakeTimeout: 10 * time.Second, + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, +} + func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request, extraHeaders http.Header) error { transport := p.Transport if transport == nil { diff --git a/middleware/proxy/upstream.go b/middleware/proxy/upstream.go index 28dbb665a..9d87c07ab 100644 --- a/middleware/proxy/upstream.go +++ b/middleware/proxy/upstream.go @@ -19,10 +19,11 @@ var ( ) type staticUpstream struct { - from string - proxyHeaders http.Header - Hosts HostPool - Policy Policy + from string + proxyHeaders http.Header + Hosts HostPool + Policy Policy + insecureSkipVerify bool FailTimeout time.Duration MaxFails int32 @@ -90,6 +91,9 @@ func NewStaticUpstreams(c parse.Dispenser) ([]Upstream, error) { } if baseURL, err := url.Parse(uh.Name); err == nil { uh.ReverseProxy = NewSingleHostReverseProxy(baseURL, uh.WithoutPathPrefix) + if upstream.insecureSkipVerify { + uh.ReverseProxy.Transport = InsecureTransport + } } else { return upstreams, err } @@ -175,6 +179,8 @@ func parseBlock(c *parse.Dispenser, u *staticUpstream) error { return c.ArgErr() } u.IgnoredSubPaths = ignoredPaths + case "insecure_skip_verify": + u.insecureSkipVerify = true default: return c.Errf("unknown property '%s'", c.Val()) }
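Review bot: `InsecureTransport` in reverseproxy.go is an exported, mutable package-level variable with no doc comment, so any importing package can reassign or alter the single transport that every `insecure_skip_verify` upstream shares. Nothing at the declaration says that `InsecureSkipVerify: true` turns off both certificate-chain and hostname verification, leaving the upstream unauthenticated and the proxied traffic open to on-path interception. If no caller outside the package needs it, unexport it and add a comment such as `// insecureTransport disables TLS certificate verification; use only for upstreams on a trusted network.` Where the upstream uses a private CA, setting `RootCAs` in the `tls.Config` keeps verification on and is the safer alternative to skipping it.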
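Review bot: In `NewStaticUpstreams` (upstream.go) the insecure transport is installed silently, so a running server gives no sign that upstream certificate verification is off for these hosts. A start-up log line inside the new `if upstream.insecureSkipVerify` branch would make the weakened setting visible in review and in incident triage, for example `log.Printf("proxy: TLS certificate verification disabled for upstream %s", uh.Name)`. This assumes `log` is, or can be, imported in this file, which the hunk does not show. The branch also runs whatever the scheme of `baseURL` is; that looks harmless for plain-http hosts but deserves a short comment. The function body starts and ends outside the hunk.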