`HttpServletResponse.sendRedirect()` drops URL scheme

I've been trying to get a local instance to run on non-default ports. After fixing the SAML request & metadata handling to respect the provided port, I stumbled upon a weird issue:

All instances of HttpServletResponse.sendRedirect(path) seem to redirect me to host:port/path, without an explicit scheme. When using port 443 this is fine, as browsers implicitly treat this as https://. But all other ports get treated as http://, so in effect, all redirects drop the https scheme.

In my case, replacing every instance of sendRedirect(path) with sendRedirect("https://localhost:8443" + path) works, but that's obviously no solution. Am I missing some Wildfly configuration?

I've tried this with both Apache and Caddy as the TLS proxy, and both definitely set the required headers like X-Forwarded-Proto