diff --git a/puppet/lib/puppet/util/puppetdb/config.rb b/puppet/lib/puppet/util/puppetdb/config.rb
index 61284431c..0ffb6ce63 100644
--- a/puppet/lib/puppet/util/puppetdb/config.rb
+++ b/puppet/lib/puppet/util/puppetdb/config.rb
@@ -176,7 +176,8 @@ def self.convert_and_validate_urls(uri_strings)
           raise URI::InvalidURIError.new, "Error parsing URL '#{uri_string}' in PuppetDB 'server_urls', error message was '#{e.message}'"
         end
 
-        if uri.scheme != 'https'
+        allow_http = (uri.scheme == 'http' && uri.host == '127.0.0.1')
+        if uri.scheme != 'https' && !allow_http
           raise "PuppetDB 'server_urls' must be https, found '#{uri_string}'"
         end
 
diff --git a/puppet/spec/unit/util/puppetdb/config_spec.rb b/puppet/spec/unit/util/puppetdb/config_spec.rb
index 792b85b90..6ca364853 100644
--- a/puppet/spec/unit/util/puppetdb/config_spec.rb
+++ b/puppet/spec/unit/util/puppetdb/config_spec.rb
@@ -165,6 +165,16 @@ def write_config(content)
         end.to raise_error(/PuppetDB 'server_urls' cannot contain URL paths, found 'https:\/\/foo.something-different.com\/bar'/)
       end
 
+      it "allows http for 127.0.0.1" do
+        write_config <<CONF
+[main]
+server_urls = http://127.0.0.1:8080
+CONF
+
+        config = described_class.load
+        expect(config.server_urls).to eq([URI("http://127.0.0.1:8080")])
+      end
+
       it "should fail if given a server/port combo" do
         write_config <<CONF
 [main]