# Proxy Header Settings
# Use this with all reverse proxy vhosts

# Force http 1.1, anything not supporting it shouldn't be used
proxy_http_version 1.1;

# Replay attack mitigation for early data
proxy_set_header Early-Data $ssl_early_data;

# Restore visitor IP
proxy_set_header X-Real-IP $remote_addr;

# Restore original method & URL
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Original-URI $request_uri;

# Forward host header
proxy_set_header Host $http_host;

# Upgrade connection
proxy_set_header   Upgrade $http_upgrade;
proxy_set_header   Connection "upgrade";

# Enable X-Forwarded headers
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port $server_port;