...
1 Have the load balancer set X-Forwarded-Proto to https and use a Valve to determine when to set HTTP/HTTPS. This works all the time, but requires a little more setup.
2 In your server.xml in the host section where you will see other valves add an additional valve:
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="192\.168\.0\.10|192\.168\.0\.11" remoteIpHeader="x-forwarded-for" proxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" />and in your load balancer configuration, set the X-Forwarded-Proto header
Modify the ip addresses shown here to your Load Blanacer IP addresses.
Keep the format of the ip addresses like this in regex format \. instead of ., and use | for OR.
See https://tomcat.apache.org/tomcat-9.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html for more information about how that works.
The example titled “Sample with internal proxies” is likely the one closest to the needs of most customers with load balancers.
3 in your load balancer configuration, set the X-Forwarded-Proto header.