Firstly, I've checked via the manually created /Headers page as well -> we are also already sending the "X-Forwarded-Proto: https" header from the Apache.
So I've checked the Tomcat side for an issue -> SOLUTION: it is necessary to add the RemoteIpValve valve into the Tomcat's configuration (tested adding it to <Engine> in server.xml, but more specific locations should work as well; no need to set scheme="https" as described previously):
In fact, this valve IS mentioned in the instructions for setup with nginx -here. ISSUE: For an unknown reason, probably just by a mistake, the valve is not mentioned in the section dedicated to setup with Apache - so quite logically, people can miss this step. What about putting this instruction one level up on the linked wiki page?
What still remains a mystery is why sending "Forwarded: proto=https" instead of "X-Forwarded-Proto: https" should also work according to your findings (I haven't tested this myself) and your wiki. Because according to all the documentation and Tomcat's valve/filter (there is also this RemoteIpFilter that does the very same job) source code, support for "Forwarded" simply shouldn't be there...
(And of course, the XWiki's inconsistency in implementing similar "create page" use cases is also still an issue IMHO, but I don't have enough insight to suggest a solution.)
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6)
If image attachments aren't displayed, see this article.
