nixos/nginx: set X-Forwarded-Server proxy header to hostname

X-Forwarded-Server represents the last server in a row of reverse proxies
in the common use, see:
- https://www.fastly.com/documentation/reference/http/http-headers/X-Forwarded-Server/
- https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#x-headers
- https://docs.valsight.com/on-premise/latest/reverse-proxy

X-Forwarded-Host instead is the original request host.

This change adapts our NGINX module to the common use of this header.

nixos/doc/manual/release-notes/rl-2511.section.md

@@ -326,6 +326,8 @@
 - `services.varnish.http_address` has been superseeded by `services.varnish.listen` which is now
   structured config for all of varnish's `-a` variations.
 
+- `services.nginx.recommendedProxySettings` now sets `X-Forwarded-Server` to the hostname of nginx instead of the original host.
+
 - [](#opt-services.gnome.gnome-keyring.enable) does not ship with an SSH agent anymore, as this is now handled by the `gcr_4` package instead of `gnome-keyring`. A new module has been added to support this, under [](#opt-services.gnome.gcr-ssh-agent.enable) (its default value has been set to [](#opt-services.gnome.gnome-keyring.enable) to ensure a smooth transition). See the [relevant upstream PR](https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/67) for more details.
 
 - The `nettools` package (ifconfig, arp, mii-tool, netstat, route) is not installed by default anymore. The suite is unmaintained and users should migrate to `iproute2` and `ethtool` instead.

nixos/modules/services/web-servers/nginx/default.nix

@@ -108,7 +108,7 @@ let
     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header        X-Forwarded-Proto $scheme;
     proxy_set_header        X-Forwarded-Host $host;
-    proxy_set_header        X-Forwarded-Server $host;
+    proxy_set_header        X-Forwarded-Server $hostname;
   '';
 
   proxyCachePathConfig = concatStringsSep "\n" (