diff --git a/config.template.yaml b/config.template.yaml
index fadf9cce..32e8f3f0 100644
--- a/config.template.yaml
+++ b/config.template.yaml
@@ -40,6 +40,12 @@ html-template:
 
 # Socket.IO server details
 io:
+  # In most cases this will be the same as the http.domain.
+  # However, if your HTTP traffic is going through a proxy (e.g. cloudflare)
+  # you will want to set up a passthrough domain for socket.io.
+  # If the root of this domain is not the same as the root of your HTTP domain
+  # (or HTTPS if SSL is enabled), logins won't work.
+  domain: 'http://localhost'
   port: 1337
   # limit the number of concurrent socket connections per IP address
   ip-connection-limit: 10
diff --git a/lib/config.js b/lib/config.js
index 0d037ddf..f857cbc1 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -39,6 +39,7 @@ var defaults = {
         certfile: "localhost.cert"
     },
     io: {
+        domain: "http://localhost",
         port: 1337,
         "ip-connection-limit": 10
     },
diff --git a/lib/web/webserver.js b/lib/web/webserver.js
index 0f6d0969..d0b8273b 100644
--- a/lib/web/webserver.js
+++ b/lib/web/webserver.js
@@ -131,7 +131,7 @@ function handleChannel(req, res) {
     if (req.secure) {
         sio = Config.get("https.domain") + ":" + Config.get("https.port");
     } else {
-        sio = Config.get("http.domain") + ":" + Config.get("io.port");
+        sio = Config.get("io.domain") + ":" + Config.get("io.port");
     }
     sio += "/socket.io/socket.io.js";
 
@@ -178,7 +178,7 @@ function handleSocketConfig(req, res) {
 
     res.type("application/javascript");
 
-    var io_url = Config.get("http.domain") + ":" + Config.get("io.port");
+    var io_url = Config.get("io.domain") + ":" + Config.get("io.port");
     var web_url = Config.get("http.domain") + ":" + Config.get("http.port");
     var ssl_url = Config.get("https.domain") + ":" + Config.get("https.port");
     res.send("var IO_URL='"+io_url+"',WEB_URL='"+web_url+"',SSL_URL='" + ssl_url +