El servidor Minio detrás de Nginx arroja el error 104, la conexión restablecida por parte del par

Tengo una instancia de Minio configurada detrás de Nginx. Cada vez que sincronizo carpetas grandes usando rclone, aparece el error 104 de restablecimiento de conexión por error de pares por algún motivo. Seguí el tcpdump solo para asegurarme de que no sea culpa de Nginx y parece que no lo es. Minio está enviando los restablecimientos de conexión.

Salida de tcpdump desde mi PC a nginx:

12:45:56.037558 IP mypc.lan.50299 > myserver.lan.https: Flags [P.], seq 210758:211258, ack 271369, win 513, length 500
12:45:56.037567 IP myserver.lan.https > mypc.lan.50299: Flags [.], ack 211258, win 4014, length 0
12:45:56.041378 IP myserver.lan.https > mypc.lan.50294: Flags [P.], seq 304261:304440, ack 231696, win 6722, length 179
12:45:56.073311 IP myserver.lan.https > mypc.lan.50297: Flags [P.], seq 315796:315975, ack 250662, win 4042, length 179
12:45:56.092129 IP mypc.lan.50297 > myserver.lan.https: Flags [P.], seq 250662:251204, ack 315975, win 513, length 542
12:45:56.092148 IP myserver.lan.https > mypc.lan.50297: Flags [.], ack 251204, win 4052, length 0
12:45:56.097786 IP mypc.lan.50294 > myserver.lan.https: Flags [.], ack 304440, win 511, length 0
12:45:56.113142 IP mypc.lan.50294 > myserver.lan.https: Flags [P.], seq 231696:232196, ack 304440, win 511, length 500
12:45:56.113152 IP myserver.lan.https > mypc.lan.50294: Flags [.], ack 232196, win 6742, length 0
12:45:56.121592 IP myserver.lan.https > mypc.lan.50293: Flags [P.], seq 354178:354357, ack 282451, win 4629, length 179
12:45:56.174268 IP mypc.lan.50293 > myserver.lan.https: Flags [.], ack 354357, win 513, length 0
12:45:56.179362 IP myserver.lan.https > mypc.lan.50296: Flags [P.], seq 269665:270001, ack 211252, win 3463, length 336

y la salida tcpdump correspondiente en el loopback entre nginx y minio:

12:45:56.092237 IP localhost.40782 > localhost.cslistener: Flags [.], ack 1, win 512, options [nop,nop,TS val 4256686849 ecr 4256686849], length 0
12:45:56.092256 IP localhost.40782 > localhost.cslistener: Flags [P.], seq 1:599, ack 1, win 512, options [nop,nop,TS val 4256686849 ecr 4256686849], length 598
12:45:56.092264 IP localhost.cslistener > localhost.40782: Flags [.], ack 599, win 507, options [nop,nop,TS val 4256686849 ecr 4256686849], length 0
12:45:56.113223 IP localhost.40786 > localhost.cslistener: Flags [S], seq 1989401545, win 65495, options [mss 65495,sackOK,TS val 4256686870 ecr 0,nop,wscale 7], length 0
12:45:56.113231 IP localhost.cslistener > localhost.40786: Flags [S.], seq 2441514866, ack 1989401546, win 65483, options [mss 65495,sackOK,TS val 4256686870 ecr 4256686870,nop,wscale 7], length 0
12:45:56.113237 IP localhost.40786 > localhost.cslistener: Flags [.], ack 1, win 512, options [nop,nop,TS val 4256686870 ecr 4256686870], length 0
12:45:56.113253 IP localhost.40786 > localhost.cslistener: Flags [P.], seq 1:557, ack 1, win 512, options [nop,nop,TS val 4256686870 ecr 4256686870], length 556
12:45:56.113256 IP localhost.cslistener > localhost.40786: Flags [.], ack 557, win 508, options [nop,nop,TS val 4256686870 ecr 4256686870], length 0
12:45:56.121528 IP localhost.cslistener > localhost.40026: Flags [R.], seq 1, ack 557, win 512, options [nop,nop,TS val 4256686878 ecr 4256686639], length 0
12:45:56.179288 IP localhost.cslistener > localhost.40766: Flags [R.], seq 1, ack 653, win 512, options [nop,nop,TS val 4256686936 ecr 4256686696], length 0

Sin embargo, si abro el puerto 9000 y sincronizo la misma carpeta grande directamente todavía usando rclone, no aparece ese error en absoluto. Aquí está la salida de tcpdump sin que se produzcan errores:

12:44:00.253537 IP myserver.lan.cslistenedomacica.r > mypc.lan.49493: Flags [P.], seq 993647:994206, ack 681899, win 9686, length 559
12:44:00.253622 IP mypc.lan.49496 > myserver.lan.cslistener: Flags [P.], seq 530108:530599, ack 991128, win 513, length 491
12:44:00.254002 IP myserver.lan.cslistener > mypc.lan.49488: Flags [P.], seq 1007299:1007860, ack 690855, win 9674, length 561
12:44:00.254018 IP myserver.lan.cslistener > mypc.lan.49496: Flags [P.], seq 991128:991690, ack 530599, win 9662, length 562
12:44:00.254031 IP myserver.lan.cslistener > mypc.lan.49487: Flags [P.], seq 1039391:1039932, ack 653371, win 9709, length 541

No entiendo qué es diferente entre los dos procesos.

También estoy agregando la configuración del sitio nginx si alguien puede detectar algún problema aquí, tal vez:

server {
  server_name something;

  set $test 0;
  if ( $host != "something" ) {
    set $test 1;
  }
  if ( $host != "something" ) {
    set $test 1$test;
  }
  if ( $test = 11 ) {
    return 444;
  }

  # Allow special characters in headers
  ignore_invalid_headers off;
  # Allow any size file to be uploaded.
  # Set to a value such as 1000m; to restrict file size to a specific value
  client_max_body_size 0;
  # Disable buffering
  proxy_buffering off;
  proxy_request_buffering off;

  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_connect_timeout 300;
    # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    chunked_transfer_encoding off;

    proxy_pass http://127.0.0.1:9000;
  }

  location /ui/ {
    rewrite ^/ui/(.*) /$1 break;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-NginX-Proxy true;

    # This is necessary to pass the correct IP to be hashed
    real_ip_header X-Real-IP;

    proxy_connect_timeout 300;

    # To support websockets in MinIO versions released after January 2023
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    chunked_transfer_encoding off;

    proxy_pass http://127.0.0.1:9091;

  }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/something/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/something/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    ssl_verify_depth 2;
    ssl_verify_client on;
    ssl_client_certificate /etc/ssl/certs/ca.crt;

}

server {
    if ($host =something) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = something) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



  listen 80;
  listen [::]:80;
  server_name something;
    return 404; # managed by Certbot

}