The only difference that I see in what you are using compared with mine is you don't have
Code:
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
which may be included in your
Code:
include snippets/ssl.conf;
and you can remove http2 from
Code:
listen 8443 ssl http2;
as you are not sending files, so is not any benefit, but I can't say it will improve connection speed or performance.
Also, I have recently change this to on
Code:
proxy_buffering off;
as I think it was a typo, originally.
Just to be sure, you have XBT listening on port 4000?
My debug page shows the real ip address of the clients.
Otherwise, I don't see any issues.