diff --git a/auth.go b/auth.go
index 69eee14..a06e6e6 100644
--- a/auth.go
+++ b/auth.go
@@ -47,11 +47,15 @@ func (c *CRProxy) AuthToken(rw http.ResponseWriter, r *http.Request) {
 }
 
 func (c *CRProxy) authenticate(rw http.ResponseWriter, r *http.Request) {
-	var scheme = "http"
-	if r.TLS != nil {
-		scheme = "https"
+	tokenURL := c.tokenURL
+	if tokenURL == "" {
+		var scheme = "http"
+		if r.TLS != nil {
+			scheme = "https"
+		}
+		tokenURL = scheme + "://" + r.Host + "/auth/token"
 	}
-	header := fmt.Sprintf("Bearer realm=%q,service=%q", scheme+"://"+r.Host+"/auth/token", r.Host)
+	header := fmt.Sprintf("Bearer realm=%q,service=%q", tokenURL, r.Host)
 	rw.Header().Set("WWW-Authenticate", header)
 	c.errorResponse(rw, r, errcode.ErrorCodeUnauthorized)
 }
diff --git a/cmd/crproxy/main.go b/cmd/crproxy/main.go
index 9359e1d..4882c84 100644
--- a/cmd/crproxy/main.go
+++ b/cmd/crproxy/main.go
@@ -53,6 +53,7 @@ var (
 	enablePprof            bool
 	defaultRegistry        string
 	simpleAuth             bool
+	tokenURL               string
 )
 
 func init() {
@@ -79,6 +80,7 @@ func init() {
 	pflag.BoolVar(&enablePprof, "enable-pprof", false, "Enable pprof")
 	pflag.StringVar(&defaultRegistry, "default-registry", "", "default registry used for non full-path docker pull, like:docker.io")
 	pflag.BoolVar(&simpleAuth, "simple-auth", false, "enable simple auth")
+	pflag.StringVar(&tokenURL, "token-url", "", "token url")
 	pflag.Parse()
 }
 
@@ -283,7 +285,7 @@ func main() {
 	}
 
 	if simpleAuth {
-		opts = append(opts, crproxy.WithSimpleAuth(true))
+		opts = append(opts, crproxy.WithSimpleAuth(true, tokenURL))
 	}
 
 	crp, err := crproxy.NewCRProxy(opts...)
diff --git a/crproxy.go b/crproxy.go
index 4b53812..8675571 100644
--- a/crproxy.go
+++ b/crproxy.go
@@ -74,6 +74,7 @@ type CRProxy struct {
 	privilegedIPSet         map[string]struct{}
 	disableTagsList         bool
 	simpleAuth              bool
+	tokenURL                string
 	matcher                 hostmatcher.Matcher
 
 	defaultRegistry string
@@ -81,9 +82,10 @@ type CRProxy struct {
 
 type Option func(c *CRProxy)
 
-func WithSimpleAuth(b bool) Option {
+func WithSimpleAuth(b bool, tokenURL string) Option {
 	return func(c *CRProxy) {
 		c.simpleAuth = b
+		c.tokenURL = tokenURL
 	}
 }