I have the following network configuration: F5 LB --> 2 NGNIX nodes --> App server

For server to server calls we sign the request based on scheme, port and uri on the source server and compare this signature on the destination by re-signing the request again based on the same parameters. server to server calls follow this path: source server --> F5 LB --> NGNIX --> destination server.

The original request sent by the source server is sent to https without port, and thus signed without port (or using default port for that matter). LB adds custom port to the request and pass it to NGNIX. NGNIX in turn is configured to pass the server scheme, host and port with the request to the app server:

proxy_set_header Host $host:$server_port;
proxy_set_header X-Scheme $scheme;

The destination server received the port coming from the LB instead of the one sent with the original request sent by the source server, ending up failing the signature check on the destination server. The same was tested with Apache, using ajp with the proxied servers and the request passed is holding the original port, not the one added by the LB.

After thorough reading, it comes up to a simple question: How do you access the original request (and port) in ngnix?