Figured it out!
https://www.reddit.com/r/nginx/comments/eodrjc/nginx_stripping_websocket_upgrade_headers/
fireye quote:
----------------------------------------
Got it figured out, this is a quirk of HTTP/2.0 vs 1.1. Per RFC-2616:
The Upgrade header field is intended to provide a simple mechanism for transition from HTTP/1.1 to some other, incompatible protocol.
It looks like nginx discards the Upgrade header, when presented by a client, if the client communicates via HTTP2.0 already. You can confirm this by using the --http1.1 flag with curl and looking at the headers being transferred.
-----------------------------------------