diff --git a/config/config.js b/config/config.js
index 6ff51e810b..c73f3d8d90 100644
--- a/config/config.js
+++ b/config/config.js
@@ -68,6 +68,14 @@ var validateEnvironmentVariable = function () {
   console.log(chalk.white(''));
 };
 
+/** Validate config.domain is set
+ */
+var validateDomainIsSet = function (config) {
+  if (!config.app.domain) {
+    console.log(chalk.red('+ Important warning: config.domain is empty. It should be set to the fully qualified domain of the app.'));
+  }
+};
+
 /**
  * Validate Secure=true parameter can actually be turned on
  * because it requires certs and key files to be available
@@ -204,6 +212,9 @@ var initGlobalConfig = function () {
   // Validate session secret
   validateSessionSecret(config);
 
+  // Print a warning if config.domain is not set
+  validateDomainIsSet(config);
+
   // Expose configuration utilities
   config.utils = {
     getGlobbedPaths: getGlobbedPaths,
diff --git a/config/env/default.js b/config/env/default.js
index 85508e1bd3..a3e8c5e8cc 100644
--- a/config/env/default.js
+++ b/config/env/default.js
@@ -9,6 +9,9 @@ module.exports = {
   },
   port: process.env.PORT || 3000,
   host: process.env.HOST || '0.0.0.0',
+  // DOMAIN config should be set to the fully qualified application accessible
+  // URL. For example: https://www.myapp.com (including port if required).
+  domain: process.env.DOMAIN,
   // Session Cookie settings
   sessionCookie: {
     // session expiration is set by default to 24 hours
diff --git a/config/lib/express.js b/config/lib/express.js
index eb2811528e..c5b98f6bfd 100644
--- a/config/lib/express.js
+++ b/config/lib/express.js
@@ -40,6 +40,7 @@ module.exports.initLocalVariables = function (app) {
   app.locals.logo = config.logo;
   app.locals.favicon = config.favicon;
   app.locals.env = process.env.NODE_ENV;
+  app.locals.domain = config.domain;
 
   // Passing the request url to environment locals
   app.use(function (req, res, next) {
diff --git a/modules/users/server/controllers/users/users.password.server.controller.js b/modules/users/server/controllers/users/users.password.server.controller.js
index b8a7e896c9..06197fba73 100644
--- a/modules/users/server/controllers/users/users.password.server.controller.js
+++ b/modules/users/server/controllers/users/users.password.server.controller.js
@@ -61,11 +61,14 @@ exports.forgot = function (req, res, next) {
       if (config.secure && config.secure.ssl === true) {
         httpTransport = 'https://';
       }
+      var baseUrl = req.app.get('domain') || httpTransport + req.headers.host;
+      console.log(baseUrl);
       res.render(path.resolve('modules/users/server/templates/reset-password-email'), {
         name: user.displayName,
         appName: config.app.title,
-        url: httpTransport + req.headers.host + '/api/auth/reset/' + token
+        url: baseUrl + '/api/auth/reset/' + token
       }, function (err, emailHTML) {
+        console.log(emailHTML);
         done(err, emailHTML, user);
       });
     },