
Tomcat ignores X-Forwarded-Proto behind an Apache reverse proxy


My Tomcat server sits behind an Apache reverse proxy. Although everything seems to be configured properly, request.isSecure() returns false.

Apache configuration

Apache runs on the same machine as Tomcat.

ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"

Tomcat valve (server.xml)

 <Valve className="org.apache.catalina.valves.RemoteIpValve" 
               internalProxies="127.0.0.1" 
               remoteIpHeader="x-forwarded-for" 
               proxiesHeader="x-forwarded-by" 
               protocolHeader="x-forwarded-proto" />

Upon further inspection, Tomcat does receive the X-Forwarded-Proto header with https. However, there must be a misconfiguration with the valve above.


Solution

  • As per the RemoteIpValve docs, Tomcat always checks that req.getRemoteAddr() fits either the internalProxies or the trustedProxies of the valve.

    Make sure that this remote address fits the one you set in the valve. If the proxy uses an IPv6 address (0:0:0:0:0:0:0:1), 127.0.0.1 won't work.

    Instead, do not override internalProxies as the default regex works pretty well, e.g.:

    <Valve className="org.apache.catalina.valves.RemoteIpValve" 
                   remoteIpHeader="x-forwarded-for" 
                   proxiesHeader="x-forwarded-by" 
                   protocolHeader="x-forwarded-proto" />
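
The check described in the answer, as an added example that is not part of the original answer and is not Tomcat's own code: a simplified model of the valve's trust decision, showing why the question's `internalProxies="127.0.0.1"` drops the header when Apache connects over IPv6 loopback, and why a header from an unlisted peer is ignored. The class name, the `LOOPBACK_PROXIES` pattern and the sample addresses are assumptions made for illustration; `trustedProxies` is left out.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Simplified model: forwarded headers are honoured only when the connecting
// peer's address fully matches internalProxies. Illustration only, not the
// RemoteIpValve implementation.
public class ForwardedProtoTrustCheck {

    // Value from the question's server.xml. The attribute is a regular expression.
    static final Pattern QUESTION_PROXIES = Pattern.compile("127.0.0.1");

    // Constructed pattern (assumption): both loopback families, dots escaped.
    static final Pattern LOOPBACK_PROXIES =
            Pattern.compile("127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|0:0:0:0:0:0:0:1|::1");

    /** True when the request would be treated as secure. */
    static boolean isSecure(Pattern internalProxies, String remoteAddr,
                            String forwardedProto, boolean connectorSecure) {
        // matches() requires the whole address to match, not a substring.
        boolean trustedPeer = internalProxies.matcher(remoteAddr).matches();
        if (trustedPeer && forwardedProto != null) {
            return "https".equalsIgnoreCase(forwardedProto);
        }
        // Untrusted peer: header ignored, the connector's own view is kept.
        return connectorSecure;
    }

    public static void main(String[] args) {
        // Constructed sample peers: value of req.getRemoteAddr() -> description.
        Map<String, String> peers = new LinkedHashMap<>();
        peers.put("127.0.0.1", "Apache over IPv4 loopback");
        peers.put("0:0:0:0:0:0:0:1", "Apache over IPv6 loopback");
        peers.put("203.0.113.7", "direct client sending its own header");

        // Every peer sends X-Forwarded-Proto: https to a plain HTTP connector.
        for (Map.Entry<String, String> p : peers.entrySet()) {
            System.out.printf("%-16s %-38s question=%-5b loopback=%b%n",
                    p.getKey(), p.getValue(),
                    isSecure(QUESTION_PROXIES, p.getKey(), "https", false),
                    isSecure(LOOPBACK_PROXIES, p.getKey(), "https", false));
        }
    }
}
```

To see which address the valve is actually comparing on a live server, log `req.getRemoteAddr()` (or the access log's remote host field) with the valve temporarily removed.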