Steps

When using Nginx or Apache HTTP Server as a reverse proxy in front of Apache Tomcat / XWiki, Tomcat should be configured to correctly interpret forwarded proxy headers (such as the original client IP address and HTTPS protocol), if such headers are used in the reverse proxy configuration.

1. Open the server.xml file in the Tomcat configuration directory. (Usually located in /tomcat_version/conf/server.xml).
2. Locate the following <Engine> element:

   <Engine name="Catalina" defaultHost="localhost">

3. Add the following RemoteIpValve configuration directly inside the <Engine> element:

   <Engine name="Catalina" defaultHost="localhost">
   
       <Valve className="org.apache.catalina.valves.RemoteIpValve"
           internalProxies="127\.0\.[0-1]\.1"
           remoteIpHeader="x-forwarded-for"
           requestAttributesEnabled="true"
           protocolHeader="x-forwarded-proto"
           protocolHeaderHttpsValue="https" />
   
   </Engine>

4. Save the file.
5. Restart Tomcat to apply the changes.
6. Verify the configuration by accessing your wiki through the proxy URL: https://yourdomain.com/xwiki. Verify that:
   • HTTPS URLs are generated correctly.
   • Redirects use HTTPS.
   • The client IP address is correctly forwarded.
   • Login sessions and WebSocket connections work properly.