The nginx is set up accordingly like on the Xwiki tomcat9 configuration documentation for https with the headers:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Scheme $scheme;
And as I understand it, because of exactly what you have said, the the tomcat https configuration documentation lists these necessary modifications so that tomcat starts listening to the reverse proxy’s protocol headers by modifying the tomcat Valve:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
….
**remoteIpHeader="x-forwarded-for"**
**protocolHeader="x-forwarded-proto"**
…
</Valve>
As well as modification the tomcat Connector:
<Connector port="8080"
...
**secure="true"**
**scheme="https"**
…
</Connector>
Without this, the tomcat in the .DEB package runs into the issues of not knowing the protocol, when using for example nginx with https.
After doing the two referred modifications https with nginx and tomcat9 works good.
But as xjetty behaves with the same issues just as tomcat9 without modifications, I estimate that xjetty needs similar modifications when enabling https on the reverse proxy?
Or is xjetty listening to other headers by default which would mean nginx needs to be configured differently when serving for xjetty?