From c73136c06e5f3463e3ac4b7c9e5ef8ede990a91c Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Mon, 15 Feb 2021 15:12:34 +0100
Subject: [PATCH] Fixes #20713. protocolHeader="X-Forwarded-Proto".

---
 templates/tomcat-server.xml.j2 | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/templates/tomcat-server.xml.j2 b/templates/tomcat-server.xml.j2
index 9dc83aa..f32f020 100644
--- a/templates/tomcat-server.xml.j2
+++ b/templates/tomcat-server.xml.j2
@@ -126,6 +126,16 @@
     -->
     <Engine name="Catalina" defaultHost="localhost">
 
+{% if tomcat_ajp_enabled %}
+      <!-- Automatically substitutes the IP with the one contained
+             in the x-forwarded-for header if that header is set -->
+           <Valve className="org.apache.catalina.valves.RemoteIpValve"
+                  remoteIpHeader="X-Forwarded-For"
+                  protocolHeader="X-Forwarded-Proto"
+                  protocolHeaderHttpsValue="https"
+                  />
+{% endif %}
+
       <!--For clustering, please take a look at documentation at:
           /docs/cluster-howto.html  (simple how to)
           /docs/config/cluster.html (reference documentation) -->
@@ -154,9 +164,6 @@
         -->
 
 {% if tomcat_access_log_enabled %}
-        <!-- Automatically substitutes the IP with the one contained
-             in the x-forwarded-for header if that header is set -->
-        <Valve className="org.apache.catalina.valves.RemoteIpValve" />
         <!-- Access log processes all example.
              Documentation at: /docs/config/valve.html
              Note: The pattern used is equivalent to using pattern="combined" -->