ERR_TOO_MANY_REDIRECTS com JSF 2.2, Spring Security-3.2 e Tomcat 8.5

Olá,

Tenho um app rodando normalmente com a arquitetura do título, nas portas padrões 8080 e 8443 em um vps ubuntu 16.

Estou tentando colocá-lo abrindo direto pela porta 80 e 443.

Instalei o Nginx pra fazer o redirecionamento e só com o Tomcat funcionou de boa.

Porém quando faço o deploy do app e tento acessá-lo, o navegador me apresenta o erro: ERR_TOO_MANY_REDIRECTS

na url aparece várias vezes repetidas o context do app, ex: [example.com/app/app/app/app/app] ao invés de aparecer apenas uma.

o applicationContext.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<beans:bean id="appUserDetailsService"
	class="info.domain.app.util.security.AppUserDetailsService" />

<beans:bean id="exceptionTranslationFilter"
	class="org.springframework.security.web.access.ExceptionTranslationFilter">
	<beans:property name="accessDeniedHandler" ref="jsfAccessDeniedHandler" />
	<beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
</beans:bean>

<beans:bean id="jsfAccessDeniedHandler"
	class="info.domain.app.util.security.JsfAccessDeniedHandler">
	<beans:property name="loginPath" value="/AcessoNegado.xhtml" />
	<beans:property name="contextRelative" value="true" />
</beans:bean>

<beans:bean id="authenticationEntryPoint"
	class="info.domain.app.util.security.JsfLoginUrlAuthenticationEntryPoint">
	<beans:property name="loginFormUrl" value="/Login.xhtml" />
	<beans:property name="redirectStrategy" ref="jsfRedirectStrategy" />
</beans:bean>


<beans:bean id="jsfRedirectStrategy"
	class="info.domain.app.util.security.JsfRedirectStrategy" />
<http pattern="/Erro.xhtml" security="none" />
<http pattern="/javax.faces.resource/**" security="none" />
<http pattern="/resources/**" security="none" />

<http auto-config="false" use-expressions="true">

	<custom-filter ref="exceptionTranslationFilter" before="FILTER_SECURITY_INTERCEPTOR" />

	<intercept-url pattern="/Home.xhtml" access="isAuthenticated()"
		requires-channel="https" />
	<intercept-url pattern="/AcessoNegado.xhtml" access="isAuthenticated()"
		requires-channel="https" />
	<intercept-url pattern="/solicitacaoTransporte/**"
		access="hasAnyRole('GERENCIA','CLIENTE','ADMINISTRADOR','COORDENAÇÃO LOGISTICA', 'COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url pattern="/cliente/**" access="hasAnyRole('ADMINISTRADOR')"
		requires-channel="https" />
	<intercept-url
		pattern="/usuarioGERENCIA/CadastroUsuarioGERENCIA.xhtml"
		access="hasAnyRole('ADMINISTRADOR','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url
		pattern="/usuarioGERENCIA/PesquisaUsuariosGERENCIA.xhtml"
		access="hasAnyRole('GERENCIA','ADMINISTRADOR','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url
		pattern="/usuarioGERENCIA/AlteraSenhaGERENCIA.xhtml"
		access="hasAnyRole('GERENCIA', 'ADMINISTRADOR','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url pattern="/usuarioCliente/CadastroUsuarioCliente.xhtml"
		access="hasAnyRole('COORDENAÇÃO LOGISTICA','ADMINISTRADOR')"
		requires-channel="https" />
	<intercept-url pattern="/usuarioCliente/AlteraSenhaCliente.xhtml"
		access="hasAnyRole('COORDENAÇÃO LOGISTICA', 'CLIENTE', 'ADMINISTRADOR')"
		requires-channel="https" />
	<intercept-url pattern="/usuarioCliente/PesquisaUsuariosCliente.xhtml"
		access="hasAnyRole('COORDENAÇÃO LOGISTICA', 'ADMINISTRADOR')"
		requires-channel="https" />
	<intercept-url pattern="/veiculos/**"
		access="hasAnyRole('GERENCIA','ADMINISTRADOR','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url pattern="/lw/**"
		access="hasAnyRole('CLIENTE','ADMINISTRADOR','COORDENAÇÃO LOGISTICA')"
		requires-channel="https" />
	<intercept-url pattern="/localidade/**"
		access="hasAnyRole('GERENCIA','CLIENTE','ADMINISTRADOR','COORDENAÇÃO LOGISTICA','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url pattern="/linha/**"
		access="hasAnyRole('CLIENTE','ADMINISTRADOR','COORDENAÇÃO LOGISTICA')"
		requires-channel="https" />
	<intercept-url pattern="/itemCarga/**"
		access="hasAnyRole('GERENCIA','COORDENAÇÃO LOGISTICA','ADMINISTRADOR', 'CLIENTE','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url pattern="/grupo/**" access="hasAnyRole('')"
		requires-channel="https" />
	<intercept-url pattern="/centrodecusto/**"
		access="hasAnyRole('COORDENAÇÃO LOGISTICA','CLIENTE','ADMINISTRADOR')"
		requires-channel="https" />
	<intercept-url pattern="/grupoItemCarga/**"
		access="hasAnyRole('COORDENAÇÃO LOGISTICA','CLIENTE','GERENCIA','ADMINISTRADOR','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url pattern="/categoriaItemCarga/**"
		access="hasAnyRole('COORDENAÇÃO LOGISTICA','CLIENTE','GERENCIA','ADMINISTRADOR','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url pattern="/rota/**"
		access="hasAnyRole('GERENCIA','ADMINISTRADOR','COORDENAÇÃO LOGISTICA','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url pattern="/sonda/**"
		access="hasAnyRole('CLIENTE','GERENCIA','ADMINISTRADOR','COORDENAÇÃO LOGISTICA','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url pattern="/tabelaPreco/**"
		access="hasAnyRole('GERENCIA','ADMINISTRADOR','COORDENAÇÃO LOGISTICA','COORDENAÇÃO GERENCIA')"
		requires-channel="https" />
	<intercept-url pattern="/vigenciaPlano/**" access="hasAnyRole('ADMINISTRADOR')"
		requires-channel="https" />
	<intercept-url pattern="/planoEmpresarial/**" access="hasAnyRole('ADMINISTRADOR')"
		requires-channel="https" />
	<intercept-url pattern="/contrato/**"
		access="hasAnyRole('CLIENTE','ADMINISTRADOR','COORDENAÇÃO LOGISTICA')"
		requires-channel="https" />
	<intercept-url pattern="/GERENCIA/**" access="hasAnyRole('ADMINISTRADOR')"
		requires-channel="https" />
	<intercept-url pattern="/Login.xhtml" access="permitAll"
		requires-channel="https" />
	<intercept-url pattern="/ConfirmacaoCadastroUsuario.xhtml"
		access="permitAll" requires-channel="https" />
	<intercept-url pattern="/RedefinirSenha.xhtml" access="permitAll"
		requires-channel="https" />
	<intercept-url pattern="/**" access="hasRole('ADMINISTRADOR')"
		requires-channel="https" />
	<intercept-url pattern="/monitoring*" access="hasRole('ADMINISTRADOR')"
		requires-channel="https" />
	<intercept-url pattern="/monitoring/**" access="hasRole('ADMINISTRADOR')"
		requires-channel="https" />

	<form-login login-page="/Login.xhtml" default-target-url="/"
		always-use-default-target="true" authentication-failure-url="/Login.xhtml?invalid=true" />
	<logout logout-url="/j_spring_security_logout"
		invalidate-session="true" />

	<session-management session-fixation-protection="none">
		<concurrency-control max-sessions="1" />
	</session-management>
	<port-mappings>
		<port-mapping http="8080" https="8443" />
	</port-mappings>
</http>

<authentication-manager>
	<authentication-provider user-service-ref="appUserDetailsService">
		<password-encoder hash="md5" />
	</authentication-provider>
</authentication-manager>

</beans:beans>

Você pode me dar uma luz? Por favor…