Fresh install of 3.3, but with a server.xml imported from 2.7.2 during the setup.

Setup on default ports.  Accessed via reverse proxy in httpd. After import, updated {INSTALL_DIR}/apache-tomcat/conf/server.xml to add proxyPort, proxyName, and scheme.

I am able to login when accessed via IP address, however when accessed via the configured Base URL the login returns to the login page without an error.  Browser Network indicates a 302 from j_security_check, but there is no error in the logs.  Sometimes (usually before the 'Initiating Jersey' message appears in the log) there is an XSRF failure error.

When logging in through the IP address, various pages will result in an XSRF error in the logs:

2018-12-05 11:06:37,298 http-nio-8095-exec-8 WARN [common.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: https://<url>/crowd/rest/webResources/1.0/resources , origin: https://<ip> , referrer: https://<ip>/crowd/console/secure/admin/general.action , credentials in request: true , allowed via CORS: false