Specifically, the https://confluence.atlassian.com/doc/running-confluence-behind-nginx-with-ssl-858772080.html page says

Note: don't include secure="true" in this connector. Make sure you've included correct values for protocol and proxyName.

which differs from all of our other documentation (including https://confluence.atlassian.com/kb/securing-your-atlassian-applications-with-apache-using-ssl-838284349.html). the secure attribute *should* be set to true to make tomcat treat HTTPS requests that nginx terminates as https (/secure) requests.