diff --git a/apis/ingress/v1/pomerium_types.go b/apis/ingress/v1/pomerium_types.go
index f89f0e6a..25baa711 100644
--- a/apis/ingress/v1/pomerium_types.go
+++ b/apis/ingress/v1/pomerium_types.go
@@ -305,6 +305,9 @@ type PomeriumSpec struct {
 
 	// Timeout specifies the <a href="https://www.pomerium.com/docs/reference/global-timeouts">global timeouts</a> for all routes.
 	Timeouts *Timeouts `json:"timeouts,omitempty"`
+
+	// UseProxyProtocol enables <a href="https://www.pomerium.com/docs/reference/use-proxy-protocol">Proxy Protocol</a> support.
+	UseProxyProtocol *bool `json:"useProxyProtocol,omitempty"`
 }
 
 // Timeouts allows to configure global timeouts for all routes.
diff --git a/apis/ingress/v1/zz_generated.deepcopy.go b/apis/ingress/v1/zz_generated.deepcopy.go
index b534014b..7614522c 100644
--- a/apis/ingress/v1/zz_generated.deepcopy.go
+++ b/apis/ingress/v1/zz_generated.deepcopy.go
@@ -238,6 +238,11 @@ func (in *PomeriumSpec) DeepCopyInto(out *PomeriumSpec) {
 		*out = new(Timeouts)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.UseProxyProtocol != nil {
+		in, out := &in.UseProxyProtocol, &out.UseProxyProtocol
+		*out = new(bool)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PomeriumSpec.
diff --git a/config/crd/bases/ingress.pomerium.io_pomerium.yaml b/config/crd/bases/ingress.pomerium.io_pomerium.yaml
index ee812e2c..03d5cf94 100644
--- a/config/crd/bases/ingress.pomerium.io_pomerium.yaml
+++ b/config/crd/bases/ingress.pomerium.io_pomerium.yaml
@@ -328,6 +328,10 @@ spec:
                     format: duration
                     type: string
                 type: object
+              useProxyProtocol:
+                description: UseProxyProtocol enables <a href="https://www.pomerium.com/docs/reference/use-proxy-protocol">Proxy
+                  Protocol</a> support.
+                type: boolean
             required:
             - secrets
             type: object
diff --git a/deployment.yaml b/deployment.yaml
index dfd9e3b4..57cc0b20 100644
--- a/deployment.yaml
+++ b/deployment.yaml
@@ -336,6 +336,10 @@ spec:
                     format: duration
                     type: string
                 type: object
+              useProxyProtocol:
+                description: UseProxyProtocol enables <a href="https://www.pomerium.com/docs/reference/use-proxy-protocol">Proxy
+                  Protocol</a> support.
+                type: boolean
             required:
             - secrets
             type: object
diff --git a/pomerium/config.go b/pomerium/config.go
index 9aa8b774..3f8991c8 100644
--- a/pomerium/config.go
+++ b/pomerium/config.go
@@ -96,6 +96,7 @@ func applyJWTClaimHeaders(_ context.Context, p *pb.Config, c *model.Config) erro
 func applySetOtherOptions(_ context.Context, p *pb.Config, c *model.Config) error {
 	p.Settings.SetResponseHeaders = c.Spec.SetResponseHeaders
 	p.Settings.ProgrammaticRedirectDomainWhitelist = c.Spec.ProgrammaticRedirectDomains
+	p.Settings.UseProxyProtocol = c.Spec.UseProxyProtocol
 	return nil
 }