Tomcat config is incorrect warning in Confluence 7.11 or later when there are two reverse proxies

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible


When there are multiple reverse proxy layers in front of Confluence, such as:

  • (NGINX/Apache) (port: 443) → (AWS ELB) (port: 80) → Tomcat (port: 8090)
  • (NGINX/Apache) (port: 443) → (Azure App Gateway) (port: 80) → Tomcat (port: 8090)

Confluence displays the following message to administrators:

Tomcat config is incorrect

The Tomcat server.xml has an incorrect configuration:

scheme should be '<recommended scheme>'
proxyName should be '<recommended proxyName>'
proxyPort should be '<recommended proxyPort>'


  • Confluence version is Confluence 7.11 or later
  • There are two or more reverse proxies in front of the Confluence Server
  • The URL used in the Browser URL is correct (e.g. (tick)
  • The reverse proxy tags are correctly set on the Tomcat connector (tick)

            <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                       maxThreads="48" minSpareThreads="10"
                       enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                       proxyName="" proxyPort="443" scheme="https"
  • The Server Base URL is set correctly in Confluence Administration » General Configuration to (tick)
  • Running this Javascript in the Console tab of the Browser Developer Tools returns the correct results (tick)

    >> window.location.protocol + '//' + + AJS.contextPath();
  • Running this Javascript on the Console tab of the Browser Developer Tools returns the incorrect result (error)

    Actual Results
    >> AJS.Meta.get('server-scheme') + '://' + AJS.Meta.get('server-name') + ':' + AJS.Meta.get('server-port') + AJS.contextPath();
    Expected Results
    >> AJS.Meta.get('server-scheme') + '://' + AJS.Meta.get('server-name') + ':' + AJS.Meta.get('server-port') + AJS.contextPath();


This is usually because the middle layer Load Balancer/Reverse Proxy (such as AWS ELB or Azure App Gateway) has injected these HTTP Headers:

  • X-Forwarded-Proto 
  • X-Forwarded-Port 

Example: As per the AWS ELB HTTP headers and Application Load Balancers documentation:

The X-Forwarded-Proto request header helps you identify the protocol (HTTP or HTTPS) that a client used to connect to your load balancer.
The X-Forwarded-Port request header helps you identify the destination port that the client used to connect to the load balancer.

The default <confluence-install-directory>/conf/server.xml  included with Confluence 7.11+ has this RemoteIpValve enabled:

<!-- -->
<Valve className="org.apache.catalina.valves.RemoteIpValve" />

The default enabled 
RemoteIpValve included in Confluence 7.11+ applies the values from the X-Forwarded-Proto and X-Forwarded-Port HTTP headers which causes the Tomcat reverse proxy health check to report the warning.


If you have checked that all the above items in the Diagnosis section are configured correctly, the RemoteIpValve can be commented out as such:

  1. Shutdown Confluence.
  2. Edit <confluence-install-directory>/conf/server.xml 
  3. Comment out the RemoteIpValve with <!-- ........ --> as such:

    <!-- <Valve className="org.apache.catalina.valves.RemoteIpValve" /> -->
  4. Start Confluence.
  5. The Tomcat config is incorrect warning should no longer appear.

If you still see the Tomcat config is incorrect warning after checking your server.xml, please also review:

Last modified on Feb 9, 2022

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.