Solution to j_spring_security_check redirect to http

aseques · May 21, 2026, 8:33am

Hi, there’s a longstading issue that has been affecting several users here Jira or here Jira, the issue is that when you are using geoserver behind a proxy such as nginx and you login to the platform, it checks your credentials to https://geoserver.example.com/geoserver/j_spring_security_check, and gets a redirect to http://geoserver.example.com/geoserver/web (without https)

The problem is multifactor, but in my case I could finally solve it with these three changes:

Adding to the general server.xml a rule to read the protocol headers

   **<Valve** className="org.apache.catalina.valves.RemoteIpValve" 
             remoteIpHeader="x-forwarded-for" 
             protocolHeader="x-forwarded-proto" 
             protocolHeaderHttpsValue="https"**/>**

Add to tomcat startup the flag from geoserver to respect the URL headers

JAVA_OPTS="-Djava.awt.headless=true -DPROXY_BASE_URL_HEADERS=true

In the global.xml file that I have customized with -DGEOSERVER_DATA_DIR=/var/opt/geoserver/data I use an expression with templates

${X-Forwarded-Proto}://${X-Forwarded-Host}/geoserver****

I would like to report into https://osgeo-org.atlassian.net the issue so at least the documentation could be improved, but with my account I can’t do it

Peter · May 22, 2026, 8:23am

Hi @aseques

a) Thank you for documenting your fix. Could you be so kind as to edit the documentation itself (requires a GitHub account and following Quickfix - Documentation) and add it there for everyone? This issue might also be relevant: 2.27.1 New data source page not working

b) It seems your account fell foul of Cannot create a Jira account to log a GeoServer/GeoTools issue - #11 by jive - could you report your Jira account issue there, so that we can try to fix it?

Peter