diff --git a/roles/sys-svc-proxy/templates/location/ws.conf.j2 b/roles/sys-svc-proxy/templates/location/ws.conf.j2
index 8bf24ddd..b7939f59 100644
--- a/roles/sys-svc-proxy/templates/location/ws.conf.j2
+++ b/roles/sys-svc-proxy/templates/location/ws.conf.j2
@@ -1,14 +1,14 @@
 location {{ location_ws }} {
-  proxy_set_header Host              $host;
-  proxy_set_header X-Real-IP         $remote_addr;
-  proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
-  proxy_set_header X-Forwarded-Proto $scheme;
-  proxy_pass                         http://127.0.0.1:{{ ws_port }};
+  proxy_set_header      Host              $host;
+  proxy_set_header      X-Real-IP         $remote_addr;
+  proxy_set_header      X-Forwarded-For   $proxy_add_x_forwarded_for;
+  proxy_set_header      X-Forwarded-Proto $scheme;
+  proxy_pass            http://127.0.0.1:{{ ws_port }};
   
   # Proxy buffering needs to be disabled for websockets. 
   proxy_buffering      off;
   proxy_http_version   1.1;
-  proxy_set_header     Upgrade        $http_upgrade;
-  proxy_set_header     Connection     $connection_upgrade;
+  proxy_set_header     Upgrade            $http_upgrade;
+  proxy_set_header     Connection         $connection_upgrade;
   tcp_nodelay          on;
 }
\ No newline at end of file
diff --git a/roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2 b/roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2
index 51819b13..4fca3871 100644
--- a/roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2
+++ b/roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2
@@ -1,8 +1,3 @@
-map $http_upgrade $connection_upgrade {
-  default upgrade;
-  ''      close;
-}
-
 server {
   server_name {{ domain }};
 
diff --git a/roles/sys-svc-webserver-core/templates/nginx.conf.j2 b/roles/sys-svc-webserver-core/templates/nginx.conf.j2
index 919d014b..6820eff6 100644
--- a/roles/sys-svc-webserver-core/templates/nginx.conf.j2
+++ b/roles/sys-svc-webserver-core/templates/nginx.conf.j2
@@ -7,6 +7,15 @@ events
 
 http
 {
+  {#
+    Map the client's Upgrade header to the proper Connection value for WebSocket proxying:
+    use "upgrade" when an Upgrade is requested, otherwise "close". Define once in http{} and use $connection_upgrade.
+  #}
+  map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+  }
+
   include mime.types;
 
   {# default_type  application/octet-stream; If html filter does not work, this one needs to be used#}