diff --git a/README.md b/README.md
index 743870dbe3e6e277df736a45c2a03730eafbe0be..22eba94e329303e21f931159d3ce45c885c27ea9 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,8 @@ auth request to GitLab Rails app) -> git-upload-pack
 Options:
   -authBackend string
     	Authentication/authorization backend (default "http://localhost:8080")
+  -authSocket string
+    	Optional: Unix domain socket to dial authBackend at
   -listenAddr string
     	Listen address for HTTP server (default "localhost:8181")
   -listenNetwork string
diff --git a/githandler.go b/githandler.go
index e5529062d82f2fbdeb72880abaf6c4dfb7493c3f..5853bd53ebe0f3bf21d8289da2bdd8a37a7d7cd4 100644
--- a/githandler.go
+++ b/githandler.go
@@ -67,8 +67,8 @@ var gitServices = [...]gitService{
 	gitService{"GET", "/repository/archive.tar.bz2", handleGetArchive, "tar.bz2"},
 }
 
-func newGitHandler(authBackend string) *gitHandler {
-	return &gitHandler{&http.Client{}, authBackend}
+func newGitHandler(authBackend string, authTransport http.RoundTripper) *gitHandler {
+	return &gitHandler{&http.Client{Transport: authTransport}, authBackend}
 }
 
 func (h *gitHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
diff --git a/main.go b/main.go
index a7dfdd8eac28453ec78f58796a7583218cb84d12..a8709f4272d07a874298d968b366d9fa19ffcdab 100644
--- a/main.go
+++ b/main.go
@@ -23,6 +23,7 @@ import (
 	_ "net/http/pprof"
 	"os"
 	"syscall"
+	"time"
 )
 
 var Version string // Set at build time in the Makefile
@@ -33,6 +34,7 @@ func main() {
 	listenNetwork := flag.String("listenNetwork", "tcp", "Listen 'network' (tcp, tcp4, tcp6, unix)")
 	listenUmask := flag.Int("listenUmask", 022, "Umask for Unix socket, default: 022")
 	authBackend := flag.String("authBackend", "http://localhost:8080", "Authentication/authorization backend")
+	authSocket := flag.String("authSocket", "", "Optional: Unix domain socket to dial authBackend at")
 	pprofListenAddr := flag.String("pprofListenAddr", "", "pprof listening address, e.g. 'localhost:6060'")
 	flag.Usage = func() {
 		fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])
@@ -64,6 +66,20 @@ func main() {
 		log.Fatal(err)
 	}
 
+	var authTransport http.RoundTripper
+	if *authSocket != "" {
+		dialer := &net.Dialer{
+			// The values below are taken from http.DefaultTransport
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		}
+		authTransport = &http.Transport{
+			Dial: func(_, _ string) (net.Conn, error) {
+				return dialer.Dial("unix", *authSocket)
+			},
+		}
+	}
+
 	// The profiler will only be activated by HTTP requests. HTTP
 	// requests can only reach the profiler if we start a listener. So by
 	// having no profiler HTTP listener by default, the profiler is
@@ -77,6 +93,6 @@ func main() {
 	// Because net/http/pprof installs itself in the DefaultServeMux
 	// we create a fresh one for the Git server.
 	serveMux := http.NewServeMux()
-	serveMux.Handle("/", newGitHandler(*authBackend))
+	serveMux.Handle("/", newGitHandler(*authBackend, authTransport))
 	log.Fatal(http.Serve(listener, serveMux))
 }