Vault with nginx reverse proxy

Hello,

I am using vault behind nginx reverse proxy. Vault version is 1.4.2
My nginx.conf is as follows

    location /vault/{
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header REMOTE_ADDR $remote_addr;
        proxy_pass    http://vault:8200/;
        # proxy_set_header X-Forwarded-For $remote_addr;
    } 

I am trying to use app role for authentication with secret_id_bound_cidrs constraint. But when I send login request to vault, with the relevant role id, I cannot authenticate even after allowing my client ip in the cidrs. I am also setting below in the vault config, so that always my client ip is considerered.

“proxy_protocol_behavior”:“use_always”

But when I see audit logs, the remote_addr shows the address of the docker container where vault is installed. So the remote_addr in vault is not considering my real client ip that is calling the vault behind nginx

Please help.