Nginx reverse proxy — common configuration mistakes

Nginx reverse proxy returns 502 Bad Gateway, loses request headers, sends wrong host to upstream, or breaks WebSocket connections. Configuration looks correct but the application behind nginx misbehaves.

(1) 502 Bad Gateway: upstream is down or unreachable. Check upstream address and port. Verify the app is actually listening. (2) Host header lost: add proxy_set_header Host $host; — without this, upstream sees the proxy address. (3) Real client IP lost: add proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;. (4) WebSocket: add proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade';. (5) Large request body rejected: increase client_max_body_size (default 1MB). (6) Timeout on slow endpoints: increase proxy_read_timeout (default 60s). (7) HTTPS upstream: use proxy_pass https:// and set proxy_ssl_verify.

Nginx strips most client headers when proxying by default. Each proxy_set_header explicitly forwards information the upstream application needs to function correctly.