Nginx

How to set up nginx reverse proxy to be completely transparent?

Nginx server - 192.168.1.1
Web server (Nextcloud) - 192.168.1.2

Port 80 and 443 forwarded on the router to 192.168.1.1
Reverse proxy on the sub.domain.com domain is configured on the web server

server {
        listen 443 ssl http2;
        server_name sub.domain.com;

  client_max_body_size 0;
  underscores_in_headers on;

  ssl on;
        ssl_certificate ssl_path;
        ssl_certificate_key key_path;

  ssl_stapling on;
  ssl_stapling_verify on;

        

        location / {
            proxy_headers_hash_max_size 512;
            proxy_headers_hash_bucket_size 64;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
            add_header Front-End-Https on;
            proxy_pass_header Server;
            proxy_pass https://192.168.1.2/;
        }
    }

Everything works flawlessly, Nextcloud passes its security check for 5 points

But!
I recently logged into the sub.domain.com domain and entered the wrong password and saw a report in the logs that indicated an unsuccessful login attempt and the remote ip was 192.168.1.1, that is, this is the Nginx server IP, although the IP of my machine is
192.168.1.113 I tried to log in incorrectly by entering not by domain, but by IP 192.168.1.2 and in the logs I saw the correct IP of my machine - 192.168.1.113.

It turns out that the web server always thinks that the nginx server is connecting to it when it is accessed via the domain. And in all the logs his IP appears.

Question. Is it supposed to be like this or is there something missing in the config?