diff --git a/config/nginx.sample.conf b/config/nginx.sample.conf
index 42dd47ac5b3..9b9b786a378 100644
--- a/config/nginx.sample.conf
+++ b/config/nginx.sample.conf
@@ -99,23 +99,26 @@ server {
     # auth_basic on;
     # auth_basic_user_file /etc/nginx/htpasswd;
 
-    # proxy_set_header directives are inherited from the previous configuration
-    # level if and only if there are no proxy_set_header directives defined on
-    # the current level.
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Request-Start "t=${msec}";
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $thescheme;
-    proxy_set_header X-Sendfile-Type "";
-    proxy_set_header X-Accel-Mapping "";
-
     location ~ ^/uploads/short-url/ {
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header X-Sendfile-Type "";
+      proxy_set_header X-Accel-Mapping "";
       proxy_pass http://discourse;
       break;
     }
 
     location ~ ^/(secure-media-uploads/|secure-uploads)/ {
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header X-Sendfile-Type "";
+      proxy_set_header X-Accel-Mapping "";
       proxy_pass http://discourse;
       break;
     }
@@ -129,6 +132,13 @@ server {
     location = /srv/status {
       access_log off;
       log_not_found off;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header X-Sendfile-Type "";
+      proxy_set_header X-Accel-Mapping "";
       proxy_pass http://discourse;
       break;
     }
@@ -166,9 +176,12 @@ server {
     }
 
     location ~ ^/uploads/ {
-      # proxy_set_header directives are inherited from the previous configuration
-      # level if and only if there are no proxy_set_header directives defined on
-      # the current level.
+
+      # NOTE: it is really annoying that we can't just define headers
+      # at the top level and inherit.
+      #
+      # proxy_set_header DOES NOT inherit, by design, we must repeat it,
+      # otherwise headers are not set correctly
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Request-Start "t=${msec}";
@@ -176,7 +189,6 @@ server {
       proxy_set_header X-Forwarded-Proto $thescheme;
       proxy_set_header X-Sendfile-Type X-Accel-Redirect;
       proxy_set_header X-Accel-Mapping $public/=/downloads/;
-
       expires 1y;
       add_header Cache-Control public,immutable;
 
@@ -208,9 +220,6 @@ server {
     }
 
     location ~ ^/admin/backups/ {
-      # proxy_set_header directives are inherited from the previous configuration
-      # level if and only if there are no proxy_set_header directives defined on
-      # the current level.
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Request-Start "t=${msec}";
@@ -218,7 +227,6 @@ server {
       proxy_set_header X-Forwarded-Proto $thescheme;
       proxy_set_header X-Sendfile-Type X-Accel-Redirect;
       proxy_set_header X-Accel-Mapping $public/=/downloads/;
-
       proxy_pass http://discourse;
       break;
     }
@@ -227,6 +235,14 @@ server {
     # acceleration for backups, avatars, sprites and so on.
     # see note about repetition above
     location ~ ^/(svg-sprite/|letter_avatar/|letter_avatar_proxy/|user_avatar|highlight-js|stylesheets|theme-javascripts|favicon/proxied|service-worker|extra-locales/(mf|overrides)) {
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header X-Sendfile-Type "";
+      proxy_set_header X-Accel-Mapping "";
+
       # if Set-Cookie is in the response nothing gets cached
       # this is double bad cause we are not passing last modified in
       proxy_ignore_headers "Set-Cookie";
@@ -245,6 +261,13 @@ server {
 
     # we need buffering off for message bus
     location /message-bus/ {
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header X-Sendfile-Type "";
+      proxy_set_header X-Accel-Mapping "";
       proxy_http_version 1.1;
       proxy_buffering off;
       proxy_pass http://discourse;
@@ -261,6 +284,14 @@ server {
   }
 
   location @discourse {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Request-Start "t=${msec}";
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $thescheme;
+    proxy_set_header X-Sendfile-Type "";
+    proxy_set_header X-Accel-Mapping "";
     proxy_pass http://discourse;
   }
+
 }