Sergey, 2020-11-21 01:49:33

How to combine SSTP VPN + HTTPS backends using nginx?

There is nginx with a stream configuration like this:

stream {
    map $ssl_preread_server_name $name {
        vpn.example.com vpn;
        default https;
    }

    upstream https {
        server 127.0.0.1:443;
    }

    upstream vpn {
        server 192.168.23.4:443;
    }

    server {
        listen 192.168.23.101:443;
        proxy_pass $name;
        ssl_preread on;
        # proxy_protocol on;
    }
}


server {
    listen 127.0.0.1:443 ssl;
    server_name site.example.com;
    ssl_certificate     /root/.acme.sh/*.example.com/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/*.example.com/*.example.com.key;

    location / {
        proxy_pass http://site.local:8080;
    }
}


In this form, both HTTPS and the SSTP VPN work, but the source IP is lost and all connections come from 127.0.0.1. And I would like to filter by address, for example, to allow access to some sites only from addresses issued to VPN users.
As one of the solutions (https://docs.nginx.com/nginx/admin-guide/load-bala... ), I inserted proxy_protocol on into the stream (it is commented out in my example) and added proxy_protocol to listen in the backends. Everything is fine, the source addresses are now there and you can filter, but the VPN does not work, throwing errors like:
[error] 11270#11270: *384329 recv() failed (104: Connection reset by peer) while proxying and reading from upstream, client: 1.2.3.4, server: 192.168.23.101:443, upstream: "192.168.23.4:443", bytes from/to client:0/0, bytes from/to upstream:0/225


Here, in general, two questions arise:
1. Is it possible to forward the SSTP protocol using proxy_protocol, or is it basically impossible and I'm doing something stupid?
2. If proxy_protocol is disabled after all, where is the client's source IP lost, and how can it be restored so that access can be restricted using ngx_http_access_module?
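
An added example, not part of the original post: in the stream module `proxy_protocol on` applies to a whole `server` block, so one way to keep the client address for the HTTPS backend while handing the SSTP server an unmodified TLS stream is to route VPN traffic through a second loopback listener that consumes the PROXY header. The upstream name `vpn_strip`, port 8443 and the 192.168.23.0/24 allow range are assumptions, as is the premise that the SSTP server does not parse the PROXY protocol; ngx_http_realip_module must be available.

```nginx
# Added example; vpn_strip, port 8443 and the allow range are assumptions.
stream {
    map $ssl_preread_server_name $name {
        vpn.example.com vpn_strip;
        default         https;
    }

    upstream https     { server 127.0.0.1:443; }
    upstream vpn_strip { server 127.0.0.1:8443; }    # assumed free loopback port
    upstream vpn       { server 192.168.23.4:443; }

    # Public entry point: every upstream chosen here receives a PROXY header.
    server {
        listen 192.168.23.101:443;
        ssl_preread on;
        proxy_pass $name;
        proxy_protocol on;
    }

    # Loopback hop for the VPN: consumes the PROXY header and forwards the
    # untouched TLS stream (proxy_protocol is off by default in this server).
    server {
        listen 127.0.0.1:8443 proxy_protocol;
        proxy_pass vpn;
    }
}

http {
    server {
        # Expect the PROXY header before the TLS handshake.
        listen 127.0.0.1:443 ssl proxy_protocol;
        server_name site.example.com;
        ssl_certificate     /root/.acme.sh/*.example.com/fullchain.cer;
        ssl_certificate_key /root/.acme.sh/*.example.com/*.example.com.key;

        # Trust the header only from the local stream proxy, then use the
        # address it carries as $remote_addr (ngx_http_realip_module).
        set_real_ip_from 127.0.0.1;
        real_ip_header   proxy_protocol;

        location / {
            allow 192.168.23.0/24;    # assumed VPN client range
            deny  all;
            proxy_pass http://site.local:8080;
        }
    }
}
```

The SSTP server still sees nginx as its peer, as in the original configuration; only the HTTP backend gains the real client address. Both PROXY-accepting listeners stay on loopback because such a listener believes whatever address the header claims.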
