Make RemoteIpValve's protocolHeaderHttpsValue configurable via the env

Closes gh-3289

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java

@@ -271,6 +271,11 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer, Ord
 		 */
 		private String protocolHeader;
 
+		/**
+		 * Value of the protocol header that indicates that the incoming request uses SSL.
+		 */
+		private String protocolHeaderHttpsValue = "https";
+
 		/**
 		 * Name of the HTTP header used to override the original port value.
 		 */
@@ -400,6 +405,14 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer, Ord
 			this.protocolHeader = protocolHeader;
 		}
 
+		public String getProtocolHeaderHttpsValue() {
+			return this.protocolHeaderHttpsValue;
+		}
+
+		public void setProtocolHeaderHttpsValue(String protocolHeaderHttpsValue) {
+			this.protocolHeaderHttpsValue = protocolHeaderHttpsValue;
+		}
+
 		public String getPortHeader() {
 			return this.portHeader;
 		}
@@ -445,6 +458,7 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer, Ord
 				valve.setProtocolHeader(protocolHeader);
 				valve.setInternalProxies(getInternalProxies());
 				valve.setPortHeader(getPortHeader());
+				valve.setProtocolHeaderHttpsValue(getProtocolHeaderHttpsValue());
 				factory.addContextValves(valve);
 			}
 

spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java

@@ -165,6 +165,7 @@ public class ServerPropertiesTests {
 		assertThat(valve, instanceOf(RemoteIpValve.class));
 		RemoteIpValve remoteIpValve = (RemoteIpValve) valve;
 		assertEquals("x-forwarded-proto", remoteIpValve.getProtocolHeader());
+		assertEquals("https", remoteIpValve.getProtocolHeaderHttpsValue());
 		assertEquals("x-forwarded-for", remoteIpValve.getRemoteIpHeader());
 
 		String expectedInternalProxies = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 10/8
@@ -182,6 +183,7 @@ public class ServerPropertiesTests {
 		map.put("server.tomcat.protocol_header", "x-my-protocol-header");
 		map.put("server.tomcat.internal_proxies", "192.168.0.1");
 		map.put("server.tomcat.port-header", "x-my-forward-port");
+		map.put("server.tomcat.protocol-header-https-value", "On");
 		bindProperties(map);
 
 		TomcatEmbeddedServletContainerFactory container = new TomcatEmbeddedServletContainerFactory();
@@ -192,6 +194,7 @@ public class ServerPropertiesTests {
 		assertThat(valve, instanceOf(RemoteIpValve.class));
 		RemoteIpValve remoteIpValve = (RemoteIpValve) valve;
 		assertEquals("x-my-protocol-header", remoteIpValve.getProtocolHeader());
+		assertEquals("On", remoteIpValve.getProtocolHeaderHttpsValue());
 		assertEquals("x-my-remote-ip-header", remoteIpValve.getRemoteIpHeader());
 		assertEquals("x-my-forward-port", remoteIpValve.getPortHeader());
 		assertEquals("192.168.0.1", remoteIpValve.getInternalProxies());

spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc

@@ -81,6 +81,7 @@ content into your application; rather pick only the properties that you need.
 			169\\.254\\.\\d{1,3}\\.\\d{1,3}|\\
 			127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3} # regular expression matching trusted IP addresses
 	server.tomcat.protocol-header=x-forwarded-proto # front end proxy forward header
+	server.tomcat.protocol-header-https-value=https # value of the protocol header that indicates that the incoming request uses SSL
 	server.tomcat.port-header= # front end proxy port header
 	server.tomcat.remote-ip-header=x-forwarded-for
 	server.tomcat.basedir=/tmp # base dir (usually not needed, defaults to tmp)