server {
    listen %%interface%%:%%port%% default_server;
    include /etc/nginx/includes/server_params.conf;
    include /etc/nginx/includes/proxy_params.conf;
    client_max_body_size 0;

    location / {
       allow   172.30.32.2;
       deny    all;
       proxy_set_header X-WebAuth-User %%ingress_user%%;

       # Base from https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy#nginx
       proxy_bind              $server_addr;
       proxy_pass              http://127.0.0.1:8083;
       proxy_set_header        Connection              $http_connection;
       proxy_set_header        Upgrade                 $http_upgrade;
       proxy_set_header        Host                    $http_host;
       proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
       proxy_set_header        X-Script-Name           %%UIPATH%%;  # IMPORTANT: path has NO trailing slash

       # Optimisation
       proxy_buffering         off;
       proxy_read_timeout      30;
       add_header              Access-Control-Allow-Origin *;

      # Ensure work with both http and https (code by @met67)
       if ($http_referer ~* "^(http[s]?)://([^:]+):(\d*)(/.*)$") {
         set $x_scheme $1;
         set $x_host   $2;
         set $x_port   ":$3";
       }

      # Ensure works if standard port (code by @met67)
       if ($http_referer ~* "^(http[s]?)://([^:]+)(/.*)$") {
         set $x_scheme $1;
         set $x_host   $2;
         set $x_port   "";
       }

       proxy_set_header        X-Scheme                $x_scheme;
       proxy_redirect          https://$host/          $x_scheme://$host$x_port/;
       proxy_redirect          http://$host/           $x_scheme://$host$x_port/;
    }
}