diff --git a/core/server/web/admin/app.js b/core/server/web/admin/app.js index 7bb0a28788..7f6b20b9d1 100644 --- a/core/server/web/admin/app.js +++ b/core/server/web/admin/app.js @@ -11,6 +11,10 @@ module.exports = function setupAdminApp() { debug('Admin setup start'); const adminApp = express(); + // Make sure 'req.secure' and `req.hostname` is valid for proxied requests + // (X-Forwarded-Proto header will be checked, if present) + adminApp.enable('trust proxy'); + // Admin assets // @TODO ensure this gets a local 404 error handler const configMaxAge = config.get('caching:admin:maxAge'); diff --git a/core/server/web/parent-app.js b/core/server/web/parent-app.js index c120965d79..4fe865f1d5 100644 --- a/core/server/web/parent-app.js +++ b/core/server/web/parent-app.js @@ -1,6 +1,6 @@ const debug = require('ghost-ignition').debug('web:parent'); const express = require('express'); -const vhost = require('vhost'); +const vhost = require('@tryghost/vhost-middleware'); const config = require('../config'); const compress = require('compression'); const netjet = require('netjet'); diff --git a/core/server/web/shared/middlewares/url-redirects.js b/core/server/web/shared/middlewares/url-redirects.js index 090fa69d03..770ef03d30 100644 --- a/core/server/web/shared/middlewares/url-redirects.js +++ b/core/server/web/shared/middlewares/url-redirects.js @@ -96,7 +96,7 @@ _private.getBlogRedirectUrl = (options) => { */ _private.redirect = (req, res, next, redirectFn) => { const redirectUrl = redirectFn({ - requestedHost: req.get('host'), + requestedHost: req.hostname, requestedUrl: url.parse(req.originalUrl || req.url).pathname, queryParameters: req.query, secure: req.secure diff --git a/core/test/unit/web/middleware/url-redirects_spec.js b/core/test/unit/web/middleware/url-redirects_spec.js index ac0d4647a3..23f5cf728f 100644 --- a/core/test/unit/web/middleware/url-redirects_spec.js +++ b/core/test/unit/web/middleware/url-redirects_spec.js 
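Review bot: `adminApp.enable('trust proxy')` trusts forwarding headers from every peer, so wherever the admin app can be reached without a proxy that strips or overwrites them, `req.secure`, `req.hostname` and `req.ip` become client-controlled. The added comment names only X-Forwarded-Proto, but with this setting Express also derives `req.hostname` from X-Forwarded-Host, which the url-redirects hunk in this commit starts to consume. Consider a narrower value such as `adminApp.set('trust proxy', 'loopback')` or a proxy list read from config. The comment could also be extended to `// (X-Forwarded-Proto and X-Forwarded-Host are honoured when present; the fronting proxy must overwrite them)`. The body of setupAdminApp continues outside the hunk.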
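Review bot: The swap from `vhost` to `@tryghost/vhost-middleware` has no comment saying why the fork is needed, and its matching rules are not visible in this commit. If it matches on `req.hostname` rather than the raw Host header (presumably the reason for the change), routing between the mounted apps inherits whatever the proxy-trust setting allows. A one-line comment above the require would record that dependency, for example `// fork of vhost that matches on req.hostname so proxied hosts route correctly (TODO confirm)`.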
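Review bot: `requestedHost: req.hostname` is not a drop-in for `req.get('host')`, because Express strips the port from `req.hostname` and, once proxy trust is on, takes it from X-Forwarded-Host. The redirect helpers that consume `requestedHost` sit outside this hunk, so check that they compare against a port-less hostname. Otherwise a site configured on a non-default port could mismatch on every request. A short comment on the option would make the contract explicit: `// hostname only (no port); may originate from X-Forwarded-Host when trust proxy is enabled`.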
@@ -13,7 +13,7 @@ describe('UNIT: url redirects', function () { beforeEach(function () { req = { - get: function get() { + get hostname() { return host; } }; diff --git a/core/test/unit/web/parent-app_spec.js b/core/test/unit/web/parent-app_spec.js index 52cc92eb58..19a950e8fb 100644 --- a/core/test/unit/web/parent-app_spec.js +++ b/core/test/unit/web/parent-app_spec.js @@ -30,7 +30,7 @@ describe('parent app', function () { parentApp = proxyquire('../../../server/web/parent-app', { express: expressStub, - vhost: vhostSpy, + '@tryghost/vhost-middleware': vhostSpy, './api': apiSpy, './admin': adminSpy, './site': siteSpy, diff --git a/package.json b/package.json index 3c76857c52..5dc5971ac2 100644 --- a/package.json +++ b/package.json @@ -46,6 +46,7 @@ "@tryghost/social-urls": "0.1.4", "@tryghost/string": "^0.1.3", "@tryghost/url-utils": "0.6.11", + "@tryghost/vhost-middleware": "1.0.0", "ajv": "6.10.2", "amperize": "0.6.0", "analytics-node": "3.3.0", @@ -124,7 +125,6 @@ "simple-html-tokenizer": "0.5.8", "uuid": "3.3.3", "validator": "6.3.0", - "vhost": "3.0.2", "xml": "1.0.1" }, "optionalDependencies": { diff --git a/yarn.lock b/yarn.lock index c6fecbd791..3789f7dab0 100644 --- a/yarn.lock +++ b/yarn.lock @@ -334,6 +334,15 @@ remark "^11.0.1" unist-util-visit "^2.0.0" +"@tryghost/vhost-middleware@1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@tryghost/vhost-middleware/-/vhost-middleware-1.0.0.tgz#b9318b837054e87c35b27a31961847ad8bf70868" + integrity sha512-F+rSk4YmquxjfSPvRc4s20NuOQfnQluK6drvttkPybKWTMoRvs5/uDfVdyil3lTVZC5COh7sSBCCM3Fin7FYGA== + dependencies: + bluebird "^3.7.1" + ghost-ignition "^3.1.0" + lodash "^4.17.15" + "@types/bluebird@^3.5.26", "@types/bluebird@^3.5.27": version "3.5.27" resolved "https://registry.yarnpkg.com/@types/bluebird/-/bluebird-3.5.27.tgz#61eb4d75dc6bfbce51cf49ee9bbebe941b2cb5d0" 
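Review bot: The `req` stub in url-redirects_spec.js now returns `host` straight from a `hostname` getter, so the spec cannot tell a Host value with a port from a bare hostname, and it cannot cover a forwarded host. Adding a case where the configured URL carries a port (constructed example: `http://localhost:2368`) while `host` is the bare hostname would pin the behaviour the middleware change relies on. The beforeEach block and the cases that use `host` continue outside the hunk.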
@@ -914,6 +923,11 @@ bluebird@^3.0.5, bluebird@^3.4.1, bluebird@^3.4.3, bluebird@^3.4.6, bluebird@^3. resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.0.tgz#56a6a886e03f6ae577cffedeb524f8f2450293cf" integrity sha512-aBQ1FxIa7kSWCcmKHlcHFlT2jt6J/l4FzC7KcPELkOJOsPOb/bccdhmIrKDfXhwFrmc7vDoDrrepFvGqjyXGJg== +bluebird@^3.7.1: + version "3.7.1" + resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.1.tgz#df70e302b471d7473489acf26a93d63b53f874de" + integrity sha512-DdmyoGCleJnkbp3nkbxTLJ18rjDsE4yCggEwKNXkeV123sPNfOCYeDoeuOY+F2FrSjO1YXcTU+dsy96KMy+gcg== + body-parser@1.19.0, body-parser@^1.19.0: version "1.19.0" resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.0.tgz#96b2709e57c9c4e09a6fd66a8fd979844f69f08a" @@ -8971,11 +8985,6 @@ vfile@^4.0.0: unist-util-stringify-position "^2.0.0" vfile-message "^2.0.0" -vhost@3.0.2: - version "3.0.2" - resolved "https://registry.yarnpkg.com/vhost/-/vhost-3.0.2.tgz#2fb1decd4c466aa88b0f9341af33dc1aff2478d5" - integrity sha1-L7HezUxGaqiLD5NBrzPcGv8keNU= - video-extensions@~1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/video-extensions/-/video-extensions-1.1.0.tgz#eaa86b45f29a853c2b873e9d8e23b513712997d6"